Security Update 2008-002 issues may be cleared up by Rogue Amoeba fix

As many of you have reported, there are a few hiccups for some who have installed the latest Leopard security update. Two of the areas of concern are ssh (no connectivity or a crash) and printing (errors out, documents never finish spooling), with various fixes offered (reinstalling the 10.5.2 combo update, installing a standalone SSH build) and various degrees of success reported.

One emergent common thread for some of the problems is the presence of a Rogue Amoeba audio utility, and the gang in the petri dish have responded with a revised version of the Instant Hijack framework. The new 2.0.3 version aims to address a bug that has been latent since the introduction of Leopard's position-independent executables feature, where certain sensitive processes (like, say, ssh) could be run from a randomized memory address, avoiding attack vectors that depend on targeting a specific vulnerable spot within the code.

Up until the 2008-002 security patches, according to RA, the PIE feature wasn't used for anything yet -- after the update, surprise surprise, ssh is being moved around when it runs. Since Instant Hijack inspects newly launched processes to see if they have audio properties, it tries to look at the ssh instance in memory -- hey, wherdja go? Hence the problem.

If you have been experiencing ssh issues and have Rogue Amoeba apps installed, try the patch and let us know what happens.

[via Daring Fireball + Apple discussions]
Share