troubleshooting/tutorials/security
11/17/2003, 11:35am, EST
Monday, November 17th
Serious Mac OS X file-save bug could delete files
MacNN readers note a serious file-save bug that affects all Cocoa application, which could caused deletion of an entire (non-boot) partition: "If you try to save a file with a name that is *much* too long (say, 1000 characters), OSX will apparently suffer some kind of buffer overflow, and overwrite the folder you're trying to save that file into. It will warn you that it might overwrite something, but if you're not paying attention or if you instinctively hi enter... You could potentially completely overwrite a partition (obviously not the system drive for permission reasons, but any partition), if you're saving at the root of that partition."
Filed under: troubleshooting
,
, 57
,
,
,
,
,
,

subscribe to comments
for this article
The longer the filename, the more of the genome we can save. Hopefully with the release of Mac OS Puma, scientists will be able to utilize 2,000 character names, perhaps allowing for mutation research within the human genome, finally!!
Come on, get real! I've been using and fixing Macs for about 20 years and to say that this is a problem is crazy. It would be simpler for a hacker to just format the drive or partion than to try and save a file with a name 1000 characters long. Geez!
Ridiculous. You couldn't hack an OS X box if you tried, and even if you could, you'd have to use some obscure method like activating the screensaver and typing the commands at light speed before the password dialogue pops up or trying to save a file with more than 1,000 characters in the name. Windows, on the other hand, can be exploited and compromised by an 11 year old using an old 75MHz Pentium and a dial-up connection.
It is a data loss bug and should be fixed, but it is not a serious problem for ANYONE.
It's a buffer overflow problem -- the same thing that affected the screensaver password until it was fixed.