Latest post Sat, Sep 28 2019 4:42 PM by Marianna. 1 replies.
Page 1 of 1 (2 items)
Sort Posts: Previous Next
  • Sat, Sep 28 2019 2:53 PM

    • GaryF
    • Not Ranked
    • Joined on Mon, Jan 30 2012
    • Posts 88
    • Points 1,305

    Avid crashes due to Google ? Google response ???

    Before I believe Avid's version as to why some systems crashed I would like to here Google's response. So far all I can find are posts from Avid saying "...not our fault..." . Can anyone point me to a staement put out by Google ? It seems the story is not complete for me yet. Google must do some sort of investigation into stuff like this.  Still very happy using MC 7 on my iMac.

     

    Thanks

  • Sat, Sep 28 2019 4:42 PM In reply to

    • Marianna
    • Top 10 Contributor
    • Joined on Thu, Oct 13 2005
    • Avid
    • Posts 11,551
    • Points 255,080
    • Avid Beta Moderators
      Avid Customer Advocate
      Avid Developer Moderator
      BlogAuthor
      SystemAdministrator

    Re: Avid crashes due to Google ? Google response ???

    GaryF:

    Before I believe Avid's version as to why some systems crashed I would like to here Google's response. So far all I can find are posts from Avid saying "...not our fault..." . Can anyone point me to a staement put out by Google ? It seems the story is not complete for me yet. Google must do some sort of investigation into stuff like this.  Still very happy using MC 7 on my iMac.

    Thanks

    From the Slack forum.....

    A detailed explanation from Chrome product development team. Basically, its not really just SIP

    Hello Ted,

    We have more information about the bug at this time that may be relevant to your organization.

    The defective version of Keystone deletes the /var symlink only when it is possible for an ordinary user not elevated to root (not escalated to administrator) is able to write to system files. This usually means System Integrity Protection is disabled, and additionally means that permissions on important system folders (/ and /var) are 0775 or 0777 - group-writable or even more permissive. This is a very insecure configuration because it permits arbitrary unprivileged software to modify the operating system, including both bugs (sorry about that) and malware.

    I recommend investigating why a non-root user can write to / or /var on business-critical machines in your organization and making them more secure if at all possible. We missed this bug in testing because we did not have a system configuration like this in our tests. (We do now.) While we have obviously learned our lesson from this and will take steps to avoid corrupting system configurations like this in the future, your systems will remain unusually vulnerable to bugs in software that thinks it can't do any real harm because it doesn't run as root until the configuration changes.

    Finally, if you still have machines in the broken state, we now have directions up at https://support.google.com/chrome/thread/15235262 for how to recover them.

    Speaking on behalf only of myself, and not of my employer, I personally apologize for the substantial inconvenience. 
    Suffice to say I've learned a lot about unexpected Mac system configurations over the last three days.

    --Adam B. Norberg
    Director of CSM | Customer Advocate [view my complete system specs]
Page 1 of 1 (2 items)

© Copyright 2011 Avid Technology, Inc.  Terms of Use |  Privacy Policy |  Site Map |  Find a Reseller