Time machine - applications in backup still run

Discussion in 'Apple' started by Steven Fisher, Nov 1, 2007.

  1. I filed this as radar #5574036, but it seems significant to share:

    Imagine that you trash an application because of a security flaw. Say,
    it handles the URL type foofoo, and is proven to be a security risk. But
    the developer won't fix it (or hasn't fixed it yet), so you've removed
    the application from your hard drive to keep yourself safe.

    It doesn't work that way -- you're not safe. Time machine has made a
    copy in your time machine backup that Mac OS X will cheerfully launch
    without a warning.
    Steven Fisher, Nov 1, 2007
    1. Advertisements

  2. Do apps deleted but available in a TM backup still appear in the
    Finder's "Open With" menu? And if you have a newer version installed and
    older versions in the backup, do you get several entries in the menu
    then (as you get with Tiger if you have a drive mounted with a duplicate
    of your system)?

    Jochem Huhmann, Nov 1, 2007
    1. Advertisements

  3. I checked a few more things. Keep in mind I'm not implying security
    problems with these applications, I just picked them because I knew I
    could find odd ways to select them:

    * Adium still appears in the Default IM Application menu in iChat.
    * TextWrangler still appears in the Open With menu in the Finder.
    (Actually, the first time I brought open the Open With menu after
    trashing it the Finder crashed and restarted.)
    * Documents bound to TextWrangler were still bound to it.

    That last point makes me think that the same would have been true of
    Adium if it was the default handler for text messages. I haven't tested
    that, though.

    I'm not seeing multiple versions, but given the general problem -- Mac
    OS X doesn't recognize the backup database as unusual in any way -- I
    would expect it would if I had older versions lying around. :)
    Steven Fisher, Nov 1, 2007
  4. The short-short version seems to be that Mac OS X doesn't realize
    there's anything different about the backup in terms of launch services,
    url handling, etc, etc.

    A Very Bad Thing indeed.
    Steven Fisher, Nov 1, 2007
  5. It's curious that this wasn't catched while testing... but then
    many things around launch services feel slightly broken. Anyway, it
    can't be the way things are supposed to work when you effectively can't
    delete apps anymore without hunting them down in your backup and
    deleting them there, too. That's not how backups should work...

    Jochem Huhmann, Nov 1, 2007
  6. It's actually worse than that: The Finder won't delete items from the
    backup. (I imagine you can do it with the shell, but haven't bothered
    trying since at this point this is a theoretical problem rather than a
    practical one.)
    Steven Fisher, Nov 1, 2007
  7. The backup database itself is owned by root and read only to everyone
    Steven Fisher, Nov 1, 2007
  8. Well, not allowing the Finder to delete items from the backup seems just
    reasonable. But making the launch services to *not* ignore the TM volume
    is just plain crazy. 10.5.1 will have to come soon, I suppose.

    Jochem Huhmann, Nov 1, 2007
  9. Agreed. It is entirely reasonable, and wouldn't be a problem except
    Exactly. :) Until it does come out, we'll just have to hope that nothing
    is discovered in ANY application we have installed.

    That's a bit of a long shot, isn't it?
    Steven Fisher, Nov 1, 2007
  10. Judging from the fact that the iPhone and iPod touch have a remote root
    exploit out in the wild and Apple doesn't seem to care at all (you have
    to jailbreak the things to be able to secure them with a third-party
    binary patch) this seems to be only a quite minor buglet which won't
    cause Apple to hurry, I suppose. They will wait until the flood of bug
    reports tapers off. Which again may be quite reasonable...

    Jochem Huhmann, Nov 1, 2007
  11. Ah, that'll work. Things aren't as desperate as I thought.

    It's still a problem that applications are being launched out of the
    backup without confirmation, though.
    Steven Fisher, Nov 1, 2007
  12. Nice to know there's a workaround if you need it, but still: A backup is
    (among other things) for restoring stuff you've lost (ie. deleted). If
    you have to delete things from the backup to really delete them, this
    somewhat defeats the sole purpose of the thing...

    Or you have to have a backup of the backup, so you can restore things
    you had to delete from the backup to delete them from your system ;-)

    Jochem Huhmann, Nov 1, 2007
  13. Sure it will. Open the backup volume, search for the deleted items, and
    after Spotlight finds them, drag them to the trash.
    Michelle Steiner, Nov 1, 2007
  14. Hey, that's great. Thanks.
    Michelle Steiner, Nov 1, 2007
  15. Yes. I've reproduced it several times, using both document types and
    internet protocols.
    Steven Fisher, Nov 1, 2007
  16. Will it delete them from Spotlight? When I tried just browsing the
    database and deleting from there, Finder balked ("The operation couldn't
    be completed because backup items can't be modified.").

    I admit, I haven't tried sneaking in via Spotlight.
    Steven Fisher, Nov 2, 2007
  17. Can you explain exactly what method you meant, Michelle? When I tried
    doing a Spotlight search for iChat on the backup volume, it didn't find
    anything. When I tried doing a Spotlight search for iChat within
    Backups.backupdb it found one occurrence, but refused to delete it (same
    message as above).
    Steven Fisher, Nov 2, 2007
  18. You have to do it from the Finder if you're going to drag them to the

    I guess that I should have tried it before typing that. You're right.

    But Sally gave the right solution; Time Machine allows one to remove
    backups from within Time Machine itself.
    Michelle Steiner, Nov 2, 2007
  19. Steven Fisher

    Wes Groleau Guest

    Ouch. Maybe I will try SVN after all.

    An item in an SVN repository can't be executed.
    Must be "checked out" first. And if it's deleted,
    then to check out something executable, you'd have
    to explicitly give the version number of the
    before-deletion item

    And SVN doesn't store a full size copy of every
    version of every file. It stores differences.

    Wes Groleau

    Even if you do learn to speak correct English,
    whom are you going to speak it to?
    -- Clarence Darrow
    Wes Groleau, Nov 2, 2007
  20. Technically, Time Machine isn't quite as inefficient as you think: Time
    Machine stores full copies, sure, but only of changed files.

    I use SVN and love it for my work, but I wouldn't want to store an
    entire Mac OS X startup volume in it. :)
    Steven Fisher, Nov 2, 2007
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.