Panther bug: Dragging /System to the trash

This entry was published at least two years ago (originally posted on December 10, 2003). Since that time the information may have become outdated or my beliefs may have changed (in general, assume a more open and liberal current viewpoint). A fuller disclaimer is available.

It looks like Damien Barrett may have discovered a potentially disastrous bug in Panther (Mac OS X 10.3) — apparently one can drag the /System folder to the trash, which then freezes the computer. Upon reboot, since the System is now in the trash, the computer can’t boot up.

Panther apparently allows admin users to drag the folder /System to the trash, which then will immediately cause the Finder to go into a spinning pizza of death (SPOD). Your only option is to shut down the computer. And then because the System is in the trash, the computer is rendered unbootable!!!

I don’t remember being able to do this in Jaguar. Shouldn’t the OS give a warning like “You don’t have sufficient priveleges to do this.” Shouldn’t the only user capable of moving the folder System be the root user?

Now, many people are going to immediately react by wondering just what in the world would prompt anyone to even try dragging the System directory to the Trash. As stupid as that seems, one never knows what people will try, or do by accident, and the OS really should be far more intelligent about how it handles this (such as not even allowing it in the first place).

5 thoughts on “Panther bug: Dragging /System to the trash”

  1. This is a known bug kind of. When an admin logs into the system, s/he is authenticated to do anything. After 5 minutes, this gets depreciated to work as expected. If you wait 5 minutes and try to do something that requires root privileges (like moving /System to the trash), the system will prompt you for the admin name and password. This is definitely a security flaw. Picture a user that doesn’t know any better and has auto login enabled and runs as an admin. Any time their computer is restarted, someone has enhanced control of their system for 5 minutes. An admin still does not have easy access to other users documents though. So they can only destroy the system. If this makes you really nervous, you can edit /etc/authorization to make authentication required much more frequently. Go to http://macosxhints.com and do a search for /etc/authorization. Currently it is not working, but it will tell you how to remove the timeout.

  2. This one concerns me as the family IT specialist. I can see my song getting inovlved in one of his games and accidentally dragging the Sytem to the trash.

    Is there anything short of a trip to the shop to stop the SPOD or is just a clean rebuild?

    Neither of which I relish.

  3. Hey,

    Well – I did just that. I thought I was throwing away a system folder from a previous partition that had been copied to my main hard drive. (It’s been a long day).

    So now – I guess the only thing I can do is reinstall my system folder – right? I’m trying adding a bootable hard drive to my powerbook, starting from that and seeing if I can locate the old system folder and move it out of the trash.

    So – you see – it does happen – and I am a very experienced mac user!

    :-)

    • B

Comments are closed.