Jump to content
  • Announcements

    • Allan

      Forum Rules   04/13/2018

      Hello folks! As some things are being fixed, we'll keep you updated. Per hour the Forum Rules don't have a dedicated "Tab", so here is the place that we have our Rules back. New Users Lounge > [READ] - InsanelyMac Forum Rules - The InsanelyMac Staff Team. 
insanelybot

10.5.8: Safe to install security updates?

2 posts in this topic

Recommended Posts

Just seccessfully resurrected a Dell Dimension 3000 using iPC OSX86 & iDeneb combo updater to bring it to 10.5.8. I've had it running for about a half-day and everything seems pretty stable.

 

What I would like to do now is install updates to make the system more secure. Running software update, the following are available:

 

Remote Desktop Client Update

Java for OS X 10.5

Flashback Removal Security Update

Leopard Security Update 2012-003

Security Update 2011-004

 

Are any of these going to cause problems if installed? If so which ones?

Share this post


Link to post
Share on other sites

InsanelyMac Protégé,

 

When installing OSX, it is extremely important to understand which files are modified or in addition to what is vanilla. In addition, you should backup your system before updating. You have made it this far and it would be a shame to have to start from scratch.

 

Backing up

Do some research on how to best backup your system. I would need to know a little bit more about your install but if you have modified files in locations that may be overwritten, you may consider doing the following in Terminal:

 

mkdir /backup
cp -R /System/Library/Extensions /backup
cp /mach_kernel /mach_kernel.backup

 

Determining what is in the update

I would not use System Update to actually download and install updates. Instead, use System Update to determine which updates are required and then manually download them from Apple's support site.

 

To determine what is in the updates, you will need an application such as Pacifist (http://www.charlessoft.com *Please consider donating). This application will allow you to peak inside package files.

 

As I mentioned before, it depends heavily on your install but generally people have issues updating due to extensions or their kernel being overwritten.

/mach_kernel

/System/Library/Extensions

 

I did not see anything in SecUpd2012-003.pkg that would break your install.

 

Within SecUpd2011-004.pkg the following Kexts are provided:

  1. ALF.kext
     
  2. AppleVADriver.bundle
     
  3. IO80211Family.kext
     
  4. IOBluetoothFamily.kext
     
  5. IOBluetoothHIDDriver.kext
     
  6. IOUSBFamily.kext
     
  7. webdav_fs.kext

Keep a record of these or a printout from a screenshot. If you have issues, this will make it easy to troubleshoot.

 

Recovering from issues

There are three outcomes from updating: everything works fine, you can boot into OSX but certain components are not functioning, the system hangs on boot.

 

As an example, lets say that you are having issues with your built-in wifi adaptor after completing the aforementioned update. Looking at the manifest, I see IO80211Family.kext has been installed.

 

To backup the new Kext and replace with the old Kext, open Terminal and type:

sudo su
cd /System/Library
cp -R Extensions/IO80211Family.kext /backup/new/IO80211Family.kext
cp -R /backup/extensions/IO80211Family.kext Extensions/IO80211Family.kext
chmod -R 755 Extensions/
chown -R root:wheel Extensions/
touch Extensions/
rm -Rf Extensions.mkext
diskutil repairpermissions /

 

Restart with the boot-flags -f -v

 

In the instance that you are unable to boot, you can restart into Single User Mode by using the boot-flag -s

 

Once you get to the command line, type the following to mount the drive. You can then follow the steps above to backup and replace the problem Kext. "sudo su" is not required in Single User Mode.

 

If you are on 10.5.8, you should not have many system updates. If I am not mistaken 10.5's end of life is December 31, 2012. You should keep up on Acrobat Reader, Flash, and Java updates due to recent vulnerabilities. I prefer to keep those applications set to let me know when updates are available. I then manually download and install them.

 

It is ideal to consider alternatives to installing modified or new Kexts directly into the /System/LibraryExtensions folder. Some installation methods use a /Extra or hidden EFI partition folder to store modified files. This keeps the remainder of your system vanilla. The less that can be overwritten the less of an issue.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • Recently Browsing   0 members

    No registered users viewing this page.

×