XYMer's Home away from Home

When http://bbs.xlr8yourmac.com is down (i.e. always)
It is currently Sun Jun 25, 2017 5:57 pm

All times are UTC - 8 hours




Post new topic Reply to topic  [ 7 posts ] 
Author Message
PostPosted: Sat Jan 07, 2017 12:04 pm 
Offline

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5852
Location: NYC
Discovered that Console keeps getting spammed with the following (small example):
1/7/17 1:12:45.746 PM lsd[268]: LaunchServices: Could not store lsd-identifiers file at /private/var/db/lsd/com.apple.lsdschemes.plist
1/7/17 1:16:54.211 PM lsd[268]: LaunchServices: Could not store lsd-identifiers file at /private/var/db/lsd/com.apple.lsdschemes.plist


(These logs seem to be get written mostly when certain apps are opened.)

Found the following thread at ASC, which was started at the first release of 10.11. Seems to never really have been solved. Just asked some follow up questions there (unanswered, as yet.)

https://discussions.apple.com/message/31216389#31216389

Long story short, /private/var/db/lsd/com.apple.lsdschemes.plist does not exist, nor does the enclosing directory lsd (and what is completely insane is that something called lsd-identifiers, whatever the fuck that is, wants to write to that plist, but there is no there there. That plist doesn't exist. I occasionally see a message about that missing plist to the effect of "doesn't exist, will create file"--naturally, nothing is created, nothing happens and the log spamming continues. Nice to see that Apple never fixed this, even after 6 point updates. Looks like some Apple programmers were tripping on lsd when they wrote this, and never realized what they did.

So manually created that directory and the enclosed plist, in /private/var/db, with ownership root (anything else in /db is owned by root.) Regardless, the log spamming continues.The only thing that stops these messages is to make my user owner of both the directory and the enclosed plist--then I suppose it can write whatever it goddamn pleases. (Note: the log spamming stops, but nothing actually gets written to that plist. Stays at exactly 42 bytes, whether it can write or not. Completely fucking crazy!)

Code:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict/>
</plist>


Main question: everything else in /db is owned by root, am I running any security risk with the following permissions which have my user as owner (wheel and everyone can't write, only my user can)? As I said, this is the only thing that makes this garbage stop.

ls -la /private/var/db/lsd
total 8
drwxr-xr-x 3 myuser wheel 102 Jan 7 13:42 .
drwxr-xr-x 85 root wheel 2890 Jan 7 13:33 ..
-rwxr-xr-x 1 myuser wheel 42 Jan 7 13:42 com.apple.lsdschemes.plist


Second question. Not sure just how these two lsd.plists in LaunchAgents and in LaunchDaemons are implicated, or what they're supposed to do. But could be they are responsible for generating this insane junk. What if I launchctl unload both of them? They look very similar. (Of course, will need to disable SIP first.) No idea what they're supposed to do, but maybe no adverse effects from disabling those?

The lsd.plist in LaunchAgents first (they seem to be identical, except for runAsRoot for the Daemon:

Code:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
   <key>EnablePressuredExit</key>
   <false/>
   <key>EnableTransactions</key>
   <true/>
   <key>Label</key>
   <string>com.apple.lsd</string>
   <key>MachServices</key>
   <dict>
      <key>com.apple.lsd.advertisingidentifiers</key>
      <true/>
      <key>com.apple.lsd.icons</key>
      <true/>
      <key>com.apple.lsd.mapdb</key>
      <true/>
      <key>com.apple.lsd.modifydb</key>
      <true/>
      <key>com.apple.lsd.open</key>
      <true/>
      <key>com.apple.lsd.openurl</key>
      <true/>
      <key>com.apple.lsd.plugin</key>
      <true/>
      <key>com.apple.lsd.xpc</key>
      <true/>
   </dict>
   <key>POSIXSpawnType</key>
   <string>Adaptive</string>
   <key>ProgramArguments</key>
   <array>
      <string>/usr/libexec/lsd</string>
   </array>
   <key>ThrottleInterval</key>
   <integer>1</integer>
</dict>
</plist>


LaunchDaemon next:

Code:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
   <key>EnablePressuredExit</key>
   <false/>
   <key>EnableTransactions</key>
   <true/>
   <key>Label</key>
   <string>com.apple.lsd</string>
   <key>MachServices</key>
   <dict>
      <key>com.apple.lsd.advertisingidentifiers</key>
      <true/>
      <key>com.apple.lsd.icons</key>
      <true/>
      <key>com.apple.lsd.mapdb</key>
      <true/>
      <key>com.apple.lsd.modifydb</key>
      <true/>
      <key>com.apple.lsd.open</key>
      <true/>
      <key>com.apple.lsd.openurl</key>
      <true/>
      <key>com.apple.lsd.plugin</key>
      <true/>
      <key>com.apple.lsd.xpc</key>
      <true/>
   </dict>
   <key>POSIXSpawnType</key>
   <string>Adaptive</string>
   <key>ProgramArguments</key>
   <array>
      <string>/usr/libexec/lsd</string>
      <string>runAsRoot</string>
   </array>
   <key>ThrottleInterval</key>
   <integer>1</integer>
</dict>
</plist>






Top
 Profile  
 
PostPosted: Sat Jan 07, 2017 2:22 pm 
Offline
Benevolent Dictator
User avatar

Joined: Mon Apr 21, 2008 2:03 am
Posts: 14485
So, this didn't help?

Anon Helper Mar 13, 2016 2:38 PM in response to vfC Level 1 Level 1 (5 points)
Mar 13, 2016 2:38 PM in response to vfC
After struggling with this for longer than reasonable before realizing it was a red herring entirely unrelated to my actual issue (which, unfortunately, I would strongly suggest is the case for everyone), I'm posting the comprehensive collection of steps necessary to fully resolve this. All of the responses so far contain partial solutions with assumptions about existing permissions, being logged in as root, rebooting afterwards, etc. The below solution is less invasive than doing Linc's full ownership/permissions resets, as suggested by a couple replies.

INSTRUCTIONS

Run ALL of the commands below, even if you think they're redundant to steps you've previously taken -- and especially since there may be other permissions issues at play. None of them are destructive.

Create the folder

sudo mkdir /private/var/db/lsd

Create the file

sudo touch /private/var/db/lsd/com.apple.lsdschemes.plist

Set ownership
Note: It should already be set to this if created by the above command, but running this command ensures that if the file or folder already existed (or if you have weird group assignments), the ownership is corrected.

sudo chown -R root:wheel /private/var/db/lsd

Set permissions
Warning: While unlikely, this could potentially allow someone to achieve escalated permissions on your device, but only if they've already hacked into a user account... at which point, you're probably already screwed.

sudo chmod -R 777 /private/var/db/lsd

Set extended attributes (optional?)
Note: Probably unnecessary, but also totally harmless. And if you want to be sure it matches what others have reported from working installs...

xattr -wr com.apple.finder.copy.source.checksum#N 4 /private/var/db/lsd
xattr -wr com.apple.metadata:_kTimeMachineNewestSnapshot 50 /private/var/db/lsd
xattr -wr com.apple.metadata:_kTimeMachineOldestSnapshot 50 /private/var/db/lsd

Restart Launch Services Dameon
Note: This is something unmentioned in other posts and can cause a lot of grief in troubleshooting. If things were significantly messed up to start with, the service needs to be restarted in order for the change to be picked up by the process.

sudo killall -9 lsd

Wait up to 60 seconds for the service to restart


(Final note: lsd is NOT Little Snitch Daemon. The similarities in naming are a coincidence. Don't try to uninstall or disable lsd.)


Top
 Profile  
 
PostPosted: Sat Jan 07, 2017 3:39 pm 
Offline

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5852
Location: NYC
Not sure about all of that. Instead of running his sudo chmod R-777, which gives everone write, I ended up not giving everyone write, which I see as possibly being more of a security risk, and instead making my user the owner, with full r-w-x, while wheel and everyone only get r-x, no write. Maybe easier for everyone to do malicious stuff than my user, which always runs standard.

Which brings me back to my original question, I don't know if it's unsafe to give my user ownership of this directory and file. I know that what I did stops these nuisance logs, but since I really have no idea what all this lsd stuff is supposed to do, it's kind of difficult to know if giving elevated access to my user at this particular path is risky or not. Right now it's a tossup between making my user the owner with full write, or keeping the owner as root and giving wheel and everyone full write. Haven't tried it his way yet, but simple enough to make those changes.* Could be the permissions I have set are more restrictive, safer than a 777.

Wouldn't use any of his xattr/TM stuff, since I don't think that's really related or necessary.

*EDIT: or maybe neither way is safe?


Top
 Profile  
 
PostPosted: Sun Jan 08, 2017 3:57 pm 
Offline
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 9636
Location: North of the State of Jefferson
I think lsd is launch services itself, so disabling it would probably be really bad. If you did that you might be able to fix it in single user mode with enough patience.

I doubt there's a significant security problem with the ownership and read/write privileges of any individual files in that folder. I'd not grant arbitrary rwx privileges to the enclosing folder. If you're concerned, you could assign it 772 privileges which gives the user and group unfettered read/write/execute privileges, and everyone else write privileges.

- Anonymous


Top
 Profile  
 
PostPosted: Sun Jan 08, 2017 5:40 pm 
Offline

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5852
Location: NYC
Anonymous wrote:
I think lsd is launch services itself, so disabling it would probably be really bad. If you did that you might be able to fix it in single user mode with enough patience.

I doubt there's a significant security problem with the ownership and read/write privileges of any individual files in that folder. I'd not grant arbitrary rwx privileges to the enclosing folder. If you're concerned, you could assign it 772 privileges which gives the user and group unfettered read/write/execute privileges, and everyone else write privileges.

- Anonymous

Thanks, will try giving the lsd I created in /var/db 772 and test. However, someone in that ASC thread--but could have been elsewhere, since I was looking everywhere for any scrap of insight into this insane issue--said that the lsd LaunchAgent/Daemons were new to 10.11. That's what led me to believe they might not be essential. I wonder if they also exist in my 10.8 or 10.9.


Top
 Profile  
 
PostPosted: Sun Jan 08, 2017 6:21 pm 
Offline
Benevolent Dictator
User avatar

Joined: Mon Apr 21, 2008 2:03 am
Posts: 14485
My 10.9, 10.10, & 10.11 drives & the backups died a few days ago or id check.


Top
 Profile  
 
PostPosted: Mon Jan 09, 2017 5:20 am 
Offline

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5852
Location: NYC
BDAqua wrote:
My 10.9, 10.10, & 10.11 drives & the backups died a few days ago or id check.

Bummer, sorry to hear that.

Just checked both my 10.9 and 10.8. Nothing there "lsd" in LaunchAgents/Daemons. In 10.9 and 10.8 found com.apple.LaunchServices.lsboxd.plist, in LaunchAgents. No idea what this one is supposed to do, but a possible explanation here. http://apple.stackexchange.com/question ... do-on-os-x

Don't have a 10.10 to check.

Code:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
   <key>Disabled</key>
   <false/>
   <key>RunAtLoad</key>
   <true/>
   <key>EnableTransactions</key>
   <false/>
   <key>Label</key>
   <string>com.apple.LaunchServices.lsboxd</string>
   <key>MachServices</key>
   <dict>
      <key>com.apple.ls.boxd</key>
      <true/>
   </dict>
   <key>POSIXSpawnType</key>
   <string>Adaptive</string>
   <key>ProgramArguments</key>
   <array>
      <string>/usr/libexec/lsboxd</string>
   </array>
</dict>
</plist>


And the following is what I come up with for rebuilding Launch Services in 10.11. Haven't tried this one, ran it from Onyx.

Code:
/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/Support/lsregister -kill -seed


BTW, maybe overkill, but gave both the lsd directory and the enclosed plist 770 750--still at exactly 42 bytes, nothing ever gets written there--which seems to work just fine. Continues to keep these junk logs at bay.

EDIT: and the strangest thing is that I was getting spammed by these messages only on the Mini. The iMac, where I haven't had to lift a finger to do anything about this, no var/db/lsd or plist created, gets maybe two or three per day. Won't get crazy trying to figure that one out.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 7 posts ] 

All times are UTC - 8 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group