Re: OS 10.2 & Mail scripting has introduced a new wrinkle
Re: OS 10.2 & Mail scripting has introduced a new wrinkle
- Subject: Re: OS 10.2 & Mail scripting has introduced a new wrinkle
- From: "John C. Welch" <email@hidden>
- Date: Sat, 17 Aug 2002 07:09:31 -0400
On 08/17/2002 01:02, "cricket" <email@hidden> wrote:
>
tell application "Mail"
>
launch
>
end tell
>
>
:)
>
>
And as I said before, sendmail is not configured by default, so your
>
statement is incorrect. Only if you configure sendmail could the
>
scenario you describe ever happen.
Which you could do from an embedded shell script in a bogus Apple installer
package. Heck, you can certainly use them to wipe your hard drive, and you
get no bloody warning of that, (iTunes 2.0 debacle anyone?) all you have is
Mr Bogus Installer have the clueless luser authenticate, and then, since you
are now running in sudo condition, run:
cd /
rm -Rf
Good thing Mail's silly warning about running scripts did you no good at
all. You could just as easily have a shell script that configured sendmail,
set up ssh, and ftp, and then emailed out a nice admin password...at that
point your box is a zombie, but you got a really neat version of tetris
running.
>
>
>> Clearly there's a better way to pull this off without interfering with
>
>> automation, but there is a reason for it to be there in the first
>
>> place.
>
>
>
> If it did any good, sure. But it's a false security measure that does
>
> no
>
> good at all.
>
>
It educates people. Which apparently isn't working, at least for you. :)
Annoying people doesn't educate them. Considering that no where in Apple's
documentation is anything on what a malicious installer can do, obviously
they aren't that worried about it. If you had better security, that required
you to enter at least the login ID and password to run scripts in Mail, that
at least would be defensible...but an unauthorizing dialogue that any fool
can click and make go away? Nope, annoyware, not security.
john
--
"There may be no stupid questions, but there are an awful lot of
inquisitive idiots"
-Bill, digital.forest tech support
_______________________________________________
applescript-users mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/applescript-users
Do not post admin requests to the list. They will be ignored.