[geeks] Weird MacOS issue

Mon Dec 22 15:40:52 CST 2008

I just had two problems with MacOS: one bad, one just plain strange.

The first one was that I ran Drive Genius 2 on my primary drive.  I  
got it as part of a bundle and since it was highly recommended by  
various parties, I decided to try it.

I ran a full repair of my main drive (booted from the DG DVD), and a  
defrag as they suggested.

When I rebooted, my Mac was completely hosed.  Booting from my clone  
drive, I found Drive Genius had irreversibly damaged the filesystem  
and removed thousands of files.

So I decide it was a good time to get a fresh install of MacOS.

I did the 10.5.0 install and then upgraded to 10.5.6, and restored my  
files and apps from backup.

Then I ran fix permissions and rebooted again.

It came up perfect, and so I went to look for what apps I needed to  
update for 10.5.6, and fix the 2-3 apps that never seem to survive  
migration.

I installed newer MacPGP and GPGMail versions as well as iTerm.

I also let Software Update run and finish off remaining updates like  
the new RAW update and the other stuff Apple released last week.

MacPGP failed to install due to a postflight script failure.

iTerm failed to install for permissions problems.

In the past after a MacOS update, I have found it necessary to reboot  
again sometimes before things are perfect, so I did, intending to try  
and install those two apps again.

No joy.  Mac hung at the blue screen before login.

Boot single user... no joy.  Mac went into endless loop saying there  
was a single user script failure, and the printed list of errors just  
kept growing each cycle.

I once again booted my clone drive, and found two changes to the  
primary drive that were causing it to fail to boot:

The /etc symlink which normally points to /private/etc had been  
replaced with a new /etc that only had 4 files in it, including a  
Linux /etc file called udev.  The other three files in the new /etc  
were localtime, memberd.conf, and mtab.

/bin/sh had been replaced with a symlink to some other X86 UNIX  
version of /bin/busybox:

shannon at cray:/bin
[8] % file  busybox
busybox: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV),  
dynamically linked (uses shared libs), stripped

I can't think of what software I installed that would do this.  It  
doesn't appear to be malicious because the only executable is a Linux  
exec that won't even run, and there was the one Linux udev file in /etc.

Obviously the prime suspects would be the GNU packages and iTerm, but  
why would they make a new /etc and replace /bin/sh with busybox?

At least one other person has seem the exact same issue, right after  
he upgraded to 10.5.5, so this isn't an isolated incident:

http://discussions.apple.com/thread.jspa?threadID=1808421&tstart=0

Anyone have any ideas?

-- 
"Where some they sell their dreams for small desires."