Skip navigation

crsud process with security update 2013-001

36883 Views 168 Replies Latest reply: Sep 8, 2013 9:10 AM by MadMacs0 RSS
  • baltwo Level 9 Level 9 (59,180 points)
    Currently Being Moderated
    Apr 8, 2013 5:48 PM (in response to MadMacs0)

    Start interval is daily:

     

    cat /System/Library/LaunchDaemons/com.apple.xprotectupdater.plist


    <?xml version="1.0" encoding="UTF-8"?>

    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

    <plist version="1.0">

    <dict>

              <key>StartInterval</key>

              <integer>86400</integer>

              <key>Label</key>

              <string>com.apple.xprotectupdater</string>

              <key>ProgramArguments</key>

              <array>

                        <string>/usr/libexec/XProtectUpdater</string>

              </array>

              <key>RunAtLoad</key>

              <true/>

    </dict>

    </plist>

    27&quot; i7 iMac SL, Lion, OS X Mountain Lion (10.8.3), G4 450 MP w/Leopard, 9.2.2
  • WZZZ Level 6 Level 6 (11,880 points)
    Currently Being Moderated
    Apr 8, 2013 6:03 PM (in response to MadMacs0)

    I doubt that it's at all connected with XProtect....

    (And congratulations on the new computer.)

     

    What do you make of this then, from strings /usr/libexec/crsud (the "errors" appear because it wasn't actually executing.)

     

    com.apple.xprotectupdater

     

    com.apple.crsud

     

    TRUE

     

    xProtect = %@, crsud = %@

     

    Syncing up xprotect and codeginger preferences...

     

    com.apple.ServiceManagement.daemons.modify

     

    Error obtaining right to modify launch prefs: %@

     

    Disabling crsud service - xprotect was found disabled...

  • MadMacs0 Level 4 Level 4 (3,330 points)
    Currently Being Moderated
    Apr 8, 2013 11:39 PM (in response to baltwo)

    Thanks baltwo. What system does that one come from. Looks to be identical to mine from ML.

     

    WZZZ and I have just been continuing to speculate on how the new system works, specifically whether the crsud process also updates XProtect and does toggling the "Automatically install important security updates" will accelerate a check of XProtect the way the old "...safe downloads" preference did.

     

    A side issue was whether the StartInterval represents real time or computer up time and if that is different for SL users.

  • ds store Level 7 Level 7 (30,305 points)
    Currently Being Moderated
    Apr 9, 2013 4:21 AM (in response to MadMacs0)

    Xprotect and crsud have two different processes, connections/servers/times etc. on 10.6.8

     

    Screen shot 2013-04-09 at 7.16.08 AM.jpg

  • WZZZ Level 6 Level 6 (11,880 points)
    Currently Being Moderated
    Apr 9, 2013 4:33 AM (in response to ds store)

    They are two different processes, but from strings, above, it looks like they are meant somehow to work together or in sync at times. The full output of strings is in my post on the previous page; I may have missed some other references to XProtect.

  • baltwo Level 9 Level 9 (59,180 points)
    Currently Being Moderated
    Apr 9, 2013 10:17 AM (in response to MadMacs0)

    MadMacs0 wrote:

    Thanks baltwo. What system does that one come from. Looks to be identical to mine from ML.

    This is from SL. I've disabled crsud on it. Can't remember why, but it shouldn't affect anything.

    27&quot; i7 iMac SL, Lion, OS X Mountain Lion (10.8.3), G4 450 MP w/Leopard, 9.2.2
  • WZZZ Level 6 Level 6 (11,880 points)
    Currently Being Moderated
    Apr 9, 2013 10:26 AM (in response to baltwo)

    Can't remember why, but it shouldn't affect anything.

    I don't think crsud is harmful or privacy invading. If anything, it's meant to enhance security...somehow. Personally, I wouldn't have disabled it.

  • andyBall_uk Level 6 Level 6 (17,595 points)
    Currently Being Moderated
    Apr 9, 2013 10:40 AM (in response to WZZZ)

    >>somehow

    by allowing certain updates regardless of who is using the computer, no?

     

    >>Hard to imagine it silently installing a security update

    but isn't that exactly what it did, albeit a simple script & .emptypayload ?

     

    btw - ...index-cr-lion[snowleopard]-1.sucatalog seems unavailable now - test completed, perhaps.

  • WZZZ Level 6 Level 6 (11,880 points)
    Currently Being Moderated
    Apr 9, 2013 10:48 AM (in response to andyBall_uk)

    >>somehow

     

    by allowing certain updates regardless of who is using the computer, no?

    But please explain. Why would it matter for this who is using the computer? Is it that you think this is vulnerable to being compromised by some kind of exploit and needs an informed user to prevent that?

  • baltwo Level 9 Level 9 (59,180 points)
    Currently Being Moderated
    Apr 9, 2013 10:51 AM (in response to WZZZ)

    WZZZ wrote:

    I don't think crsud is harmful or privacy invading. If anything, it's meant to enhance security...somehow.

    Too much mommy Apple for me. I let Xprotect do its thing and that should be sufficient. I've disabled all autoupdaters on my machines on all OSs. I'm responsible enough to provide for my own security.

    27&quot; i7 iMac SL, Lion, OS X Mountain Lion (10.8.3), G4 450 MP w/Leopard, 9.2.2
  • andyBall_uk Level 6 Level 6 (17,595 points)
    Currently Being Moderated
    Apr 9, 2013 10:55 AM (in response to WZZZ)

    >>Is it that you think this is vulnerable to being compromised by some kind of exploit

    No

     

    >>Why would it matter for this who is using the computer?

    As I see it, the change allows 'critical' updates w/o confirmation or admin approval. They don't pop up in sw update where they can be dismissed, and will occur regardless of software update automatic checks being disabled.

  • WZZZ Level 6 Level 6 (11,880 points)
    Currently Being Moderated
    Apr 9, 2013 10:56 AM (in response to baltwo)

    I'm responsible enough to provide for my own security.

    But you can't write your own security patches.

  • WZZZ Level 6 Level 6 (11,880 points)
    Currently Being Moderated
    Apr 9, 2013 11:04 AM (in response to andyBall_uk)

    andyBall_uk wrote:

     

    >>Is it that you think this is vulnerable to being compromised by some kind of exploit

    No

     

    >>Why would it matter for this who is using the computer?

    As I see it, the change allows 'critical' updates w/o confirmation or admin approval. They don't pop up in sw update where they can be dismissed, and will occur regardless of software update automatic checks being disabled.

    I see what you're saying, but what if this is the only way going forward that Snow will be getting security updates? I guess we need to know more. I agree, I always like to wait a few days to see what trouble a security update might be causing. Set up this way, that will no longer be possible.

     

    Message was edited by: WZZZ

  • baltwo Level 9 Level 9 (59,180 points)
    Currently Being Moderated
    Apr 9, 2013 11:04 AM (in response to WZZZ)

    WZZZ wrote:

    …but what if this is the only way going forward that Snow will be getting security updates?

    Then, Apple should be shot. Autoupdates w/o user intervention is beyond nuts.

    27&quot; i7 iMac SL, Lion, OS X Mountain Lion (10.8.3), G4 450 MP w/Leopard, 9.2.2
  • andyBall_uk Level 6 Level 6 (17,595 points)
    Currently Being Moderated
    Apr 9, 2013 11:04 AM (in response to WZZZ)

    >>what if this is the only way going forward that Snow will be getting security updates...I guess we need to know more.

    Yes indeed - I'd hope that Apple would say something if that became so.

1 ... 4 5 6 7 8 ... 12 Previous Next

Actions

More Like This

  • Retrieving data ...

Bookmarked By (1)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.