Posted on 10-04-2013 08:05 AM
And that's annoying, and could provoke your users to do something bad since the file is now clear in view (i.e. try to delete / mess with it)
Here's a quick and dirty script to check, and then hide the flag. Also an EA to make a smart group to check for the issue.
#!/bin/sh
# Policy script: hide /mach_kernel if its st_flags value (field 15 of stat -r) is 0
hiddenflagstatus=`stat -r /mach_kernel | awk '{print $15}'`
if [ "$hiddenflagstatus" = "0" ]
then
chflags hidden /mach_kernel
else
exit 1
fi
exit 0
#!/bin/sh
# Extension Attribute: report whether /mach_kernel has the hidden flag (32768) set
hiddenflagstatus=`stat -r /mach_kernel | awk '{print $15}'`
if [ "$hiddenflagstatus" = "32768" ]
then
echo "<result>Hidden</result>"
else
echo "<result>Not Hidden</result>"
fi
exit 0
Posted on 10-04-2013 08:08 AM
anybody else see the /-verbose file ?
Posted on 10-04-2013 09:01 AM
I would hold off on making this available on your SUS if you have one. I know a bunch of people (including myself) have filed a Bug Report with Apple. I'm hoping they pull the supplemental update soon.
Also, the combo updater and regular 10.8.5 update (updated version) do not unhide mach_kernel.
Posted on 10-04-2013 09:05 AM
Just updated a test Mac here with the Supplemental and I'm seeing mach_kernel at the root of the drive, plain as the nose on my face. Nice one Apple!
Wasn't this the update that was first released internally to all Apple employees from a report I read? How did this not get caught?? Sloppy.
Posted on 10-04-2013 09:25 AM
hkim, should have checked closer. $15 is correct.
#!/bin/sh
hiddenflagstatus=`stat -r /mach_kernel | awk '{print $15}'`
if [ "$hiddenflagstatus" = "0" ]
then chflags hidden /mach_kernel
else echo "mach_kernel is hidden"
fi
exit 0
Posted on 10-04-2013 09:31 AM
$15 seems to point to the hidden flag from what I gather, doing a stat -s the st_flags value is the one I was looking for.
Posted on 10-04-2013 09:36 AM
Another way is to check for the com.apple.FinderInfo Extended Attribute like this-
xattr -x /mach_kernel
In the script.
#!/bin/sh
hiddenflagstatus=`xattr -x /mach_kernel`
if [ "$hiddenflagstatus" != "com.apple.FinderInfo" ]
then chflags hidden /mach_kernel
else echo "mach_kernel is hidden"
fi
exit 0
Posted on 10-04-2013 09:37 AM
Ok I see what you are saying it flips from 0 to 32768 at position 15.
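Added example, not part of any post in this thread: an Extension Attribute that tests the hidden bit of st_flags with a bitwise AND instead of comparing the whole value to 0 or 32768, so a file carrying another flag as well (for example uchg, value 2) is still classified correctly. The function names and the sample stat -r line are constructed for illustration; it assumes the BSD stat shipped with OS X, where -f %f prints st_flags in decimal.

```shell
#!/bin/sh
# Added example (not from the thread): classify /mach_kernel by the UF_HIDDEN bit.
UF_HIDDEN=32768   # 0x8000, the value the thread sees field 15 flip to

# Constructed sample of `stat -r` raw output; field 15 is st_flags.
SAMPLE_STAT_R="16777218 4242 0100644 1 0 0 0 8394688 1380000000 1380000000 1380000000 1380000000 4096 16400 32768 /mach_kernel"

# hidden_state FLAGS -> prints Hidden / Not Hidden for a decimal st_flags value.
hidden_state() {
    case "$1" in
        ''|*[!0-9]*) echo "Unknown"; return 1 ;;   # empty or non-numeric input
    esac
    if [ $(( $1 & $UF_HIDDEN )) -ne 0 ]; then
        echo "Hidden"
    else
        echo "Not Hidden"
    fi
}

# flags_from_stat_r LINE -> pulls st_flags (field 15) out of a `stat -r` line,
# the same field the scripts in the thread read with awk.
flags_from_stat_r() {
    echo "$1" | awk '{print $15}'
}

# report PATH -> prints the <result> line for a real file.
report() {
    if [ ! -e "$1" ]; then
        echo "<result>Not Present</result>"
        return 0
    fi
    flags=$(stat -f %f "$1" 2>/dev/null) || flags=""
    echo "<result>$(hidden_state "$flags")</result>"
}

report /mach_kernel
```

A smart group scoped on the result "Not Hidden" can then drive the chflags hidden policy from the earlier posts.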
Posted on 10-04-2013 12:13 PM
"I would hold off on making this available on your SUS if you have one."
Since the Supplemental Update fixes actual bugs, and the visibility of mach_kernel is a cosmetic issue, I think orgs might want to consider deploying it anyway, especially if they've encountered any of the bugs the Supplemental Update fixes.
Posted on 10-04-2013 12:41 PM
"Since the Supplemental Update fixes actual bugs, and the visibility of mach_kernel is a cosmetic issue, I think orgs might want to consider deploying it anyway"
Generally speaking I would agree, but only after some careful testing. My concern here is that if something simple like making sure mach_kernel is invisible was overlooked, I have to wonder what else didn't get caught. My understanding on this update is that it wasn't really distributed to folks in Apple's developer program. I could have that wrong, but if that is the case, it may not have been tested thoroughly outside of Apple, therefore the need for some caution in deploying it.
It's also not impossible that Apple may pull it at any moment and re-issue it. It's happened before as we all know.
Posted on 10-07-2013 07:49 AM
Apple may have just pulled this supplemental update from their servers. I can't get my 10.8.5 12F37 build machines to see it in Software Update anymore.
Posted on 10-07-2013 07:54 AM
@damienbarrett, sure you don't just have it blocked on an internal SUS? The update is still on Apple's site, downloadable, so I assume it's still active:
http://support.apple.com/kb/DL1686?viewlocale=en_US&locale=en_US
Modification dates are the same, so it doesn't look like it was updated at all.
Posted on 10-07-2013 08:00 AM
The update is still very much live for me.
Posted on 10-07-2013 08:29 AM
Weird. Some of my machines running 12F37 simply refuse to see the update.
I took another machine running 10.8.3 and ran all updates in Software Update (using Apple's, not a local SUS) and when done it came out running 12F45. Maybe Apple has bundled the 10.8.5 and 10.8.5 supplemental updates together on their SUS servers?
Also, this machine I just updated from 10.8.3 to 10.8.5 12F45 is *not* showing mach_kernel in the Finder. Yet several machines I updated over the weekend and earlier this morning are definitely showing mach_kernel in the Finder. I've already had an EA in place to detect OS build number, so I just had to use the script above to execute on machines running build 12F45.
But now I'm thinking that might produce some false positives. Perhaps my EA should look for the presence of:
/var/db/receipts/com.apple.pkg.update.os.10.8.5.supplemental
And then execute a script to hide mach_kernel based on a group scoped to this. Maybe I'm overthinking this... but my users are mostly all admins and I can certainly see some of them trying to delete this "mysterious" file from their systems, as they've been taught to leave the root of their HD with only /Applications, /Library, /System, and /Users.
So, I'm not sure what's going on.
Posted on 10-07-2013 08:34 AM
Why not use the EA that @hkim posted for detecting if the mach_kernel file is visible instead of detecting OS build number? Not that there would be any harm I can think of in running the chflags hidden command on an already hidden file.
Posted on 10-08-2013 07:20 AM
@damienbarrett When Apple released the supplemental, they also released updated 10.8.5 Delta/Combo updaters. If you had 10.8.5 12F37, and you ran the Supplemental, you received build 12F45 and a visible mach_kernel. If you had less-than-10.8.5, and ran the Delta/Combo, you got 12F45 and an invisible mach_kernel. So, it only affects computers updated with the Supplemental.
Posted on 10-08-2013 07:56 AM
Whenever I run it, I get the following output, tried on 10.8.5 supplemental update and 10.9
Running script MachKernel.sh...
Script exit code: 2
Script result: /Library/Application Support/JAMF/tmp/MachKernel.sh: line 12: syntax error: unexpected end of file
Submitting log
Finished.
Using TextWrangler I don't see anything wrong, I tried changing the ` to ' and tried to " the whole thing (removing the `), nothing seemed to work...
Posted on 10-08-2013 08:18 AM
what's wrong is I forgot to close the if with a fi statement