基本上,看起来很多权限都从 更改为rwx------(rwxrwxrwx或非常接近于此);我认为其中一些涉及 Mac 的 Java。我最近对 OS X 10.5 进行了存档和安装。
这是否表明我的系统被篡改或被恶意软件感染?
修复内容如下:
Permissions differ on "System/Library/CoreServices/Front Row.app/Contents/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
Permissions differ on "System/Library/CoreServices/Front Row.app/Contents/PlugIns/DVD.frappliance/Contents/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
Permissions differ on "System/Library/CoreServices/Front Row.app/Contents/PlugIns/FRSettings.frappliance/Contents/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
Permissions differ on "System/Library/CoreServices/Front Row.app/Contents/PlugIns/FRSources.frappliance/Contents/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
Permissions differ on "System/Library/CoreServices/Front Row.app/Contents/PlugIns/Movies.frappliance/Contents/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
Permissions differ on "System/Library/CoreServices/Front Row.app/Contents/PlugIns/Music.frappliance/Contents/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
Permissions differ on "System/Library/CoreServices/Front Row.app/Contents/PlugIns/Photos.frappliance/Contents/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
Permissions differ on "System/Library/CoreServices/Front Row.app/Contents/PlugIns/Podcasts.frappliance/Contents/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
Permissions differ on "System/Library/CoreServices/Front Row.app/Contents/PlugIns/TV.frappliance/Contents/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
Permissions differ on "System/Library/PrivateFrameworks/BackRow.framework/Versions/A/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
Permissions differ on "System/Library/CoreServices/Menu Extras/RemoteDesktop.menu/Contents/CodeResources", should be -rw-r--r-- , they are lrwxr-xr-x .
Group differs on "Library/Internet Plug-Ins/JavaPluginCocoa.bundle/Contents/CodeResources", should be 80, group is 0.
Permissions differ on "Library/Internet Plug-Ins/JavaPluginCocoa.bundle/Contents/CodeResources", should be -rw-rw-r-- , they are -rw-r--r-- .
Group differs on "Library/Internet Plug-Ins/JavaPluginCocoa.bundle/Contents/Info.plist", should be 80, group is 0.
Permissions differ on "Library/Internet Plug-Ins/JavaPluginCocoa.bundle/Contents/Info.plist", should be -rw-rw-r-- , they are -rw-r--r-- .
Group differs on "Library/Internet Plug-Ins/JavaPluginCocoa.bundle/Contents/MacOS/JavaPluginCocoa", should be 80, group is 0.
Permissions differ on "Library/Internet Plug-Ins/JavaPluginCocoa.bundle/Contents/MacOS/JavaPluginCocoa", should be -rwxrwxr-x , they are -rwxr-xr-x .
Group differs on "Library/Internet Plug-Ins/JavaPluginCocoa.bundle/Contents/MacOS", should be 80, group is 0.
Permissions differ on "Library/Internet Plug-Ins/JavaPluginCocoa.bundle/Contents/MacOS", should be drwxrwxr-x , they are drwxr-xr-x .
Group differs on "Library/Internet Plug-Ins/JavaPluginCocoa.bundle/Contents/Resources/Localizable.strings", should be 80, group is 0.
Permissions differ on "Library/Internet Plug-Ins/JavaPluginCocoa.bundle/Contents/Resources/Localizable.strings", should be -rw-rw-r-- , they are -rw-r--r-- .
Group differs on "Library/Internet Plug-Ins/JavaPluginCocoa.bundle/Contents/Resources", should be 80, group is 0.
Permissions differ on "Library/Internet Plug-Ins/JavaPluginCocoa.bundle/Contents/Resources", should be drwxrwxr-x , they are drwxr-xr-x .
Group differs on "Library/Internet Plug-Ins/JavaPluginCocoa.bundle/Contents/version.plist", should be 80, group is 0.
Permissions differ on "Library/Internet Plug-Ins/JavaPluginCocoa.bundle/Contents/version.plist", should be -rw-rw-r-- , they are -rw-r--r-- .
Group differs on "Library/Internet Plug-Ins/JavaPluginCocoa.bundle/Contents", should be 80, group is 0.
Permissions differ on "Library/Internet Plug-Ins/JavaPluginCocoa.bundle/Contents", should be drwxrwxr-x , they are drwxr-xr-x .
Permissions differ on "System/Library/Frameworks/AppKit.framework/Versions/C/_CodeSignature/CodeResources", should be ?--------- , they are -rw-r--r-- .
Permissions differ on "System/Library/PrivateFrameworks/DotMacSyncManager.framework/Versions/A/_CodeSignature/CodeResources", should be ?--------- , they are -rw-r--r-- .
Permissions differ on "System/Library/PrivateFrameworks/DotMacSyncManager.framework/Versions/A/Resources/DotMacSyncHelper.app/Contents/_CodeSignature/CodeResources", should be ?--------- , they are -rw-r--r-- .
Permissions differ on "System/Library/PrivateFrameworks/DotMacSyncManager.framework/Versions/A/Resources/dotmacsyncui.app/Contents/_CodeSignature/CodeResources", should be ?--------- , they are -rw-r--r-- .
Permissions differ on "System/Library/PrivateFrameworks/DotMacLegacy.framework/Versions/A/_CodeSignature/CodeResources", should be ?--------- , they are -rw-r--r-- .
Permissions differ on "System/Library/Extensions/IOUSBMassStorageClass.kext/Contents/_CodeSignature/CodeDirectory", should be ?--------- , they are -rw-r--r-- .
Permissions differ on "System/Library/Extensions/IOUSBMassStorageClass.kext/Contents/_CodeSignature/CodeResources", should be ?--------- , they are -rw-r--r-- .
Permissions differ on "System/Library/Extensions/IOUSBMassStorageClass.kext/Contents/_CodeSignature/CodeSignature", should be ?--------- , they are -rw-r--r-- .
Permissions differ on "System/Library/SystemProfiler/SPDisplaysReporter.spreporter/Contents/_CodeSignature/CodeResources", should be ?--------- , they are -rw-r--r-- .
答案1
根据我的经验,其中大部分都是 Apple 自己的补丁,不太干净。您会发现符号链接指向插件的版本树,就像具有Versions/A子树的框架一样。
不过,我不确定该怎么处理这些should be ?---------文件;这表明 BOM 文件中有垃圾。我会用它pkgutil --file-info来找到正确的软件包文件,然后用其他pkgutil命令检查它和/或lsbom看看哪里出了问题,但你必须对 Apple 的软件包格式有所了解才能理解它。