[kinda OT] really weird osx / os9 behavior


Subject: [kinda OT] really weird osx / os9 behavior
From: nathan r. hruby (nhruby@arches.uga.edu)
Date: Wed Oct 31 2001 - 12:11:39 MST


Hey,

I know this is a bit off topic, but the yellowdog forum is full of die
hard knowledgeable mac folks, so please bear with me 'cause this is
strange. No, this is not a Halloween prank (unless someone has really
pulled the wool over *my* eyes too!)

So I got to work today and my g4-400 (AGP) instead of presenting me with a
happy OSX login, presents me with the "Welcome to MacOSX - let's setup
your computer now" setup screens. Argh. I dutifully follow the setup
screen, hoping that I can login long enough to grab my data and re-format
because obviously something is wrong. Halts after the User Creation
Screen. No mouse response, nothing. Hit the Restart button. Chime,
Happy Mac, Kernel Panic. Uh-oh... I try restarting again, still no dice
so I zap the pram in hopes that the machine will at least boot back into
OS9, which it does.

Now, in OS9, everything looks odd. No desktop picture, just the default
lollipop pattern. No sounds, desktop is empty, my desktop printers are now
folders. What the..? I open up the Apple Menu. Chooser is gone as is
the extensions manager from the control panels. Open up Applications (OS9)
Folder. All the App folders are still there, but no Apps. Every single
app icon has disappeared -- psd's, gone, jpeg's, gone -- as are .doc,
.xls, etc... Much swearing and a half pack of smokes later I'm slightly
calmer, damn I wish I hadn't skipped the second cup of coffee this
morning.....

Anyway, I load up the TechTool CD and fire it up. It reports a few
problems but they are easily fixable (I was hurrying and didn't write them
down, sorry). Disk First Aid says all is well. Nothing can see my UFS
formatted OSX drive, next time I know.. go with HFS ;) File Buddy can't
see anything unusual, it's like all my data and apps are gone. I do notice
that the modification time for *everything* in the Applications folder
reads: "Today 3:22 AM" Really odd. A lot of the other folders have
similar mod times too, but not everything. Anything that's an executable
or data seems to have gone away. Aliases don't work, but a few of the
aliases in the Recent Applications menu do (Entourage, Word, Excel) but
nothing else. I can't remember checking the Office 2001 folder to see if
they were there before I ran them, so I'll assume (for some odd reason)
they were.

So, just to see if I can I use the YDL-2.0 Rescue disk on the tasty
Morsels CD to mount the HFS+ OS9 drive and the UFS OSX drive (maybe I can
rescue some data, or at least look at the OSX syslog to see what the f*&k
happened). So after booting I use parted to look at the partition table to
find what's what. osx is on /dev/hda12 and os9 on /dev/hd5. My YDL 2
laptop says it knows about ufs so I assume that the rescue CD would have
the same stuff. Double check kernel version just to be sure, both are
2.2.19-1k. So I try "mount -t ufs /dev/hda12 /osx" (after a "mkdir /osx")
And mount reports it can't exec modprobe. I look for modules, there are
none. I look for modprobe. It ain't there. Argh! I think maybe I can
nfs mount my laptop and use modprobe and /lib/modules from there (same
kernel.. I'm desperate, what the hell.) so I edit /etc/exportfs and
/sbin/service portmap on and /sbin/service nfs on. All's well with the
laptop. Next I try "mount -t nfs ip.addr.of.laptop:/ /laptop" and the
kernel warns me that mount is older than the kernel and that mount failed
to pass the address to the kernel NFS stuff and it fails. If anyone wants
the specific error messages, just say so and I'll repeat the steps and post
the exact errors.

So after a nice long ramble:
1) Has anyone seen this sort of OSX and OS9 behavior before? I thought it
   was a virus, but can't find any mac viri that do this under OSX.

2) Have there been any exploitable remote root compromises on OSX? I was
   not running openssh or Apache or ftp. Just filesharing and nfs (cause
   I still can't find a way to turn NFS off in OSX) Perhaps I got
   cracked?

3) Has anyone else used the Ponoma Rescue CD? Am I missing something?
   Can NFS mounts be accomplished with the rescue kernel? Can I grab
   kernel modules from someplace else and force the running kernel to use
   them?

4) Does the YDL-2.1 Tasty Morsels CD have the kernel modules in it or
   is the kernel compiled with UFS? (Hint Hint Dan - Might be handy for
   rescuing OSX boxes :)

5) Is there a project underway to make a HFS+ kernel module (yes, I
   mounted my HFS+ drive with the rescue CD which only understands HFS..
   Try it sometime.. It's amusing :)

6) Will the kernel on a rescue cd see a Zip Drive?

Umm.. help?! I'll buy the tasty beverage of choice to anyone the next
time they're in the Atlanta area!

-n, thinking perhaps this should have gone to mac-mgrs, but the list-mom
    scares me :)

-- 
......
nathan hruby - nhruby@arches.uga.edu
computer support specialist
department of drama and theatre
http://www.drama.uga.edu/
......



This archive was generated by hypermail 2a24 : Wed Oct 31 2001 - 12:24:08 MST