Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
OS X Businesses Operating Systems Security Apple

Origins of Mac OS X's runscript Security Hole 63

Posted by pudge from the hell dept.
ahknight writes "codepoetry has an informative article about why there was a runscript command to begin with, where it came from, and how it's still used. A good read for people wondering why the command existed at all. Also, Daring Fireball has possibly the best solution so far with instructions on how to turn off the help and disk protocols entirely (much better than deleting random system components)." Update: 05/21 22:27 GMT by P :Daring Fireball also mentions an abuse of the telnet: handler that can overwrite any file you have write permissions to, and doesn't need a known path. There's also an applescript: handler, which I'd disable just for the heck of it, at this point ... Update: 05/21 22:36 GMT by P : Several readers note that Apple has just released Security Update 2004-05-24, which address the runscript problem, though apparently not the others.
This discussion has been archived. No new comments can be posted.

Origins of Mac OS X's runscript Security Hole More

Origins of Mac OS X's runscript Security Hole

Comments Filter:

  • Re:HA (Score:5, Interesting)

    by schwap ( 191462 ) <beauh&schwoogle,org> on Friday May 21, 2004 @07:01PM (#9221222) Homepage
    backups cure most ailments.

    Image a virus that infects Word documents at a large organization that goes unnoticed for a year because it doesn't actually do anything but replicate itself quietly and subtly, and infects any document it can over the course of the year. Slowly, all the backups of files will be infected as well. It doesn't have to do anything malicious, just prevent a document from being viewed or opened easily.

    Every place I have seen Office being used, there are huge volumes of files which everyone can share and update. Boom! Nobody can do anything with the information they have because Office won't work....

    errrrm.... wait. I see the flaw in my argument. Office does that all on it's own already.

  • Re:URL handling still has "remote code" exploits! (Score:4, Interesting)

    by mst76 ( 629405 ) on Friday May 21, 2004 @08:01PM (#9221649)
    The MacNN thread is a great read, you can witness the discovery of this vulnerability almost live. The new exploit means the malware author can make up his own protols like malware:// and give his app the appropriate creator code. Is other words, fixing the Help app is not enough, the problem is the automounting of .dmg and the URL handlers. Apple has been notified, so expect another fix soon.

  • KDE (Score:3, Interesting)

    by ensignyu ( 417022 ) on Saturday May 22, 2004 @12:29AM (#9223061)
    There's an advisory [kde.org] listed on dot.kde.org that seems similar, although not as bad.

Slashdot Top Deals

To the systems programmer, users and applications serve only to provide a test load.

Close