
Comments

  1. PookJP

    Mac Enthusiast

    Joined: Jan 2001

    0

    ...

    Who the h*** comes up with these things?

  1. dcrosby

    Fresh-Faced Recruit

    Joined: Sep 2002

    0

    who

    Satan himself. And Bill Gates.

  1. atomicon

    Fresh-Faced Recruit

    Joined: Apr 2004

    0

    SCARY

    Wow, that's scary. I clicked on the link to the example page (thinking that the warning about clicking it referred to a link on that page) and, lo and behold, my Terminal opened up and started processing a Unix command. As they said, it's harmless, but if it hadn't been, it was definitely too late to do anything about it... YIKES.

  1. jimothy

    Fresh-Faced Recruit

    Joined: Sep 2000

    0

    My fix

    I modified the script at /Library/Documentation/Help/MacHelp.help/Contents/Resources/English.lproj/shrd/OpnApp.scpt (as pointed out in the 2nd-to-last link above) so it prompts you whether you want to allow or deny the script to run. If you click "Deny", it will not run:

    on «event helphdhp» (completeParam)
        -- localizable text
        set cancelBtn to "Cancel"
        set errorText to "The item cannot be opened. It may be disabled or not installed."
        -- end localizable text

        try
            -- Ask before opening anything; "Deny" (button 2) is the default
            display dialog "Something is trying to run: " & completeParam buttons {"Allow", "Deny"} default button 2 with icon 0

            set buttonPressed to (button returned of result)

            -- Only open the requested item if the user explicitly allowed it
            if (buttonPressed is "Allow") then
                tell application "Finder"
                    open file completeParam of the startup disk
                end tell
            end if
        on error errMsg number errNum
            display dialog errorText buttons {cancelBtn} default button 1 with icon 0
            return
        end try
    end «event helphdhp»
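
An allowlist variant of the handler posted above, added here as an example; it is not part of jimothy's post or of Apple's script. It assumes `completeParam` is a colon-separated path relative to the startup disk (as the original `open file completeParam of the startup disk` implies); the `allowedPrefixes` list and the `isAllowed` helper are hypothetical names.

```applescript
-- Added example: refuse anything outside an allowlist instead of prompting.
on «event helphdhp» (completeParam)
	-- localizable text
	set cancelBtn to "Cancel"
	set errorText to "The item cannot be opened. It may be disabled or not installed."
	-- end localizable text

	-- Hypothetical allowlist of path prefixes, relative to the startup disk.
	set allowedPrefixes to {"Applications:"}

	try
		set thePath to completeParam as text
		-- A blocked path takes the same error route as a missing item.
		if not (my isAllowed(thePath, allowedPrefixes)) then error "blocked"
		tell application "Finder"
			open file thePath of the startup disk
		end tell
	on error
		display dialog errorText buttons {cancelBtn} default button 1 with icon 0
		return
	end try
end «event helphdhp»

-- Returns true only for paths under an allowed prefix.
-- AppleScript text comparison ignores case by default, so "applications:" also matches.
on isAllowed(thePath, prefixes)
	-- "::" climbs to the parent folder in a colon-separated path; reject it outright.
	if thePath contains "::" then return false
	-- Terminal lives under Applications:Utilities:, so keep that folder out.
	if thePath starts with "Applications:Utilities:" then return false
	repeat with p in prefixes
		if thePath starts with (contents of p) then return true
	end repeat
	return false
end isAllowed
```

This narrows what the handler will open without asking the user to judge an unfamiliar path; it does not change how the script itself gets invoked.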

  1. klinux

    Senior User

    Joined: Jul 2002

    0

    Seriously

    What's to prevent a script kiddie from posting a link (Kournikova!) in Macnn Lounge or in Appleinsider, Macrumors, Macslash, etc. that lures unsuspecting people to execute destructive commands!

    Sure, one could say the axiom of don't download/open/click/visit whatever from unsuspecting people, but we know that does not work in real life.

    The next step would be for someone to write a mail.app script that sends out e-mail to everyone in one's Address Book, spoofs the return address and includes a link and then executes that command on the user's own machine. Voila! The first OS X virus!

    (Shudders)

  1. ibmjones

    Fresh-Faced Recruit

    Joined: May 2004

    0

    Not that serious

    It looks bad, but because of Mac OS X's Unix security model, the worst it could do is to blow away the user's home directory. I imagine that even being logged into the machine as the admin user, it wouldn't do that much damage.

    Now if the vulnerability allows the script to elevate itself as the superuser (root), that would be a different story. But as it stands now, I don't think that it will happen any time soon.

  1. bauhaus

    Fresh-Faced Recruit

    Joined: Sep 2003

    0

    UNIX

    The thing is, real UNIX is far better in security than Apple's bastardization. Apple is trying to make a user-friendly UNIX by compromising the basics of UNIX. It's part of the reason why OS X wouldn't be able to obtain UNIX certification from the Open Group. (FYI, early versions (pre-beta) of OS X qualified for UNIX certification; the modifications after modifications by the time of deployment removed the OS from certification.)

  1. Simon

    Posting Junkie

    Joined: Nov 2000

    0

    Re: UNIX

    > Apple is trying to make a user-friendly UNIX by compromising the basics of UNIX.

    Example? Proof?

    Nope. Just FUD.

  1. klinux

    Senior User

    Joined: Jul 2002

    0

    Oh yeah

    > the worst it could do is to blow away the user's home directory

    Here, ibmjones, click on this link over here....

    Just because you don't think it is serious does not mean it is not serious.

  1. klinux

    Senior User

    Joined: Jul 2002

    0

    Easy there

    Hey Simon, don't use FUD if you do not know what it means.

    Apple did modify the basics of UNIX - I would call case insensitivity and unexpected naming of system directories basic enough. Whether I would call it "compromised" is another question, however.
