Major Snow Leopard Bug Said To Delete User Data

inglishmayjer was one of several readers to send in the news of a major bug in Apple's new OS, 10.6 Snow Leopard, that can wipe out all user data for the administrator account. It is said to be triggered — not every time — by logging in to the Guest account and then back in to the admin account. Some users are reporting that all settings have been reset and most data is gone. The article links to a number of Apple forum threads up to a month old bemoaning the problem. MacFixIt suggests disabling login on the Guest account and, if you need that functionality, creating a non-administrative account named something like Visitor. (The Guest account is special in that its settings are wiped clean after logout.) CNet reports that Apple has acknowledged the bug and is working on a fix.

Re:Oh.

[Kamokazi]

That may not be a very good idea either...

Re:I don't want to feed the trolls but...

[gilgoomesh]

As far as I can tell, from reading this on other sites, the reproduction involves:

* Machine that was upgraded from Leopard to Snow Leopard
* Already had the Guest account enabled on Leopard.
* Logs into Guest account (not a remote login but a local, physical login)
* Is hard-booted (after crash, power failure, or power button) from Guest account back into Admin account.

Despite a combination of these steps, people are finding it hard to reproduce. So it's the sort of issue that could fall through the QA cracks.

Guest is denied local login

[mario_grgic]

by default, so you have to go out of your way to enable it. I would not do it, if really wanted to allow someone limited local access to the machine, I would create a limited account for that purpose alone.

Re:This is a bad bug, yes, but...

[rsborg]

...the average user is not very likely to get hit by it, fortunately. Hopefully they'll have a fix out quickly nonetheless.

I'm a Leopard user who didn't upgrade as some software that I use everyday is not ready (till December). However, I'm fairly saavy with my system but my Guest account got "activated" in a previous patch. Now, if this buzz didn't alert me, I would have upgraded and been none the wiser when my data got wiped out (luckily I use SuperDuper regularly).

Guest accounts are setup by default, IIRC. This is bad for Apple... data loss of any magnitude should be a Priority 0 fix right away bug, not something you leave off to sub-dot-release 10.6.2.

Re:Apple....

Since it has a greater market share than Linux. (It does. Really.)

Re:I don't want to feed the trolls but...

[shird]

Well it is probably the 'login' or some other high privilege process that is doing the Guest account erasing after the Guest user logs off. The login process would have permissions to the Admin user data.

It probably wouldn't be left to a process running as Guest to erase the account.

Re:Opportunity

[broken_chaos]

As I linked to another person in this thread, PhotoRec works fine on OS X as long as you aren't deathly afraid of the command line (and have a spare drive for writing out all the files it finds to).

Sure, it's a bit messy with the files (as are most undelete programs – though PhotoRec doesn't even make a cursory attempt, beyond file names), but it's pretty good at getting everything not-written-over in my experience.

Re:Oh.

[Charles+Dodgeson]

our Apple drones are so upset over this, they are planing to buy another Mac, just in case one got erased.

That's me!

As an Apple fanboy, I find this bug very embarrassing. From what I read, I do fall into the "very small number of users" that this bug could catch. That is, I've had a guest account before upgrading to Snow Leopard. I guess that I've never been hit by this because I've never logged out of the guest account and then logged in to an admin account. In fact, the guest account and the admin account are both very rarely used. (My account is a "regular" account.)

The only reason that I've enabled the Guest account is because my Macs (that's plural, so you see I really am a fanboy) have a "phone home" system in case of theft. And I figure that having a guest account will allow the thing, if stolen, to stay in use longer before getting wiped.

As for back-ups, I don't really think the Time Capsule is something I'd recommend to most users. Instead just use Time Machine with an external drive. I do think that Apple should be given lots of credit for Time Machine. It really makes back-ups so easy there is no excuse for anyone not to make back-ups.

Informative?

[bussdriver]

1) USB flash drives use FAT16 or FAT32 not a Mac OS X filesystem. They are implemented as filesystem plug-ins. USB drives ARE slow; especially when on a slow USB BUS. Me, I have whole USB bus for a time machine SATA drive and it runs as fast as one can expect from that configuration- no complaints.

2) Encrypted "volumes" are disk images; handled in userspace I believe... they are slower; but then they are software encrypted... I get good performance from not using sparse images; the sparse ones are slower (sparse images split the disk into 8MB files for easy resizing.) Sparse files have hash overhead fetching image files, open/closing overhead for those files, HFS+ auto-defragging, the 8MB segments is likely not optimally allocated (linear,) and I think it is quite likely the disk cache working twice.

3) WebDAV generally sucks (iDisk) and I never was a fan of it. still prefer FTP. FTP and WebDAV are both filesystem plug-ins which causes more trouble than they are worth-- not to mention loads a ton of code into the kernel; risking stability and security. Userspace would make MUCH MORE SENSE; especially since the network is the bottleneck not the userspace.

4) HFS+ is a fine filesystem. Sure it is old and based on decades old HFS. It works quite well and is stable. It is simple and highly flexible with easy hacks for adding new features. Its biggest problem is the wasted space for small files; but 10.6 fixes that with a hidden database (everything in HFS is a file, including internal structures.) It can be better; but it is not bad simply because it is old and feature laden.

--
Lets petition Apple to include FuseFS officially in the OS! (then they can move FTP and WebDAV out there and add HTTP, SSH...)

Re:Oh.

[MojoStan]

What surprises me is that MS hasn't done much in the area(unless you are willing to go all the way to Windows Home Server). Architecturally, Volume Shadow Copy is abundantly powerful and has been available since before Time Machine even hit the scene; but you certainly wouldn't know about it from looking at any of the advertising, documentation, or spec sheets for non-server Microsoft OSes.

When accessed from the shell in client versions of Windows Vista and Windows 7, Shadow Copy is often called "Previous Versions." Back when Vista was released, I remember seeing it mentioned in reviews and on Microsoft's product info pages.

Maybe it wasn't a "front page" feature because it was only available in Vista Business, Ultimate, and Enterprise (and not Home Premium). Thankfully, MS has corrected this mistake by including this feature (and all other backup features) in Windows 7 Home Premium as well.