- Jun 11, 2013
- Gigabyte GA-Z87X-UD5H
- GTX 1080 Ti
- Classic Mac
- Mobile Phone
it's been found: - google keystone messing with /var on macs with SIP disabled:
I ran the suggested check and although my own SIP is 'disabled', at least as far as is usually required for Hackintosh use i.e. CSR = 0x67 & BooterConfig = 0x28, I had the first, var is SIP protected, response.
/var is supposed to be unmodifiable. Period. It's one of the protected root directories. Those are supposed to be unchangeable even with SIP disabled. The fact that a mere launch daemon could get in there and alter it without even so much as user input such as a root password means there's a serious gap in OS X security (and that someone at Google was doing something really wrong).
One of the immediate side effects of this happening was that all functionality in the OS was essentially lost. Anything that used .kext input was disabled. Audio, internet, etc. That's why I rebooted because I lost internet even though I could get through to the cable modem and router just fine. Then I got hit with the dreaded shutdown on bootup.
I was able to restore functionality before this article got posted because I had a working Sierra installer with Clover on it to boot from and reinstall the OS (which resets symlinks to defaults). Not everyone is that lucky.
Chrome just got nuked from orbit on all of my systems. Fool me once...