• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: OS 10.2 & Mail scripting has introduced a new wrinkle
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OS 10.2 & Mail scripting has introduced a new wrinkle

  • Subject: Re: OS 10.2 & Mail scripting has introduced a new wrinkle
  • From: "John C. Welch" <email@hidden>
  • Date: Sat, 17 Aug 2002 07:09:31 -0400
On 08/17/2002 01:02, "cricket" <email@hidden> wrote:

> tell application "Mail"
> launch
> end tell
>
> :)
>
> And as I said before, sendmail is not configured by default, so your
> statement is incorrect. Only if you configure sendmail could the
> scenario you describe ever happen.

Which you could do from an embedded shell script in a bogus Apple installer
package. Heck, you can certainly use them to wipe your hard drive, and you
get no bloody warning of that, (iTunes 2.0 debacle anyone?) all you have is
Mr Bogus Installer have the clueless luser authenticate, and then, since you
are now running in sudo condition, run:

cd /
rm -Rf

Good thing Mail's silly warning about running scripts did you no good at
all. You could just as easily have a shell script that configured sendmail,
set up ssh, and ftp, and then emailed out a nice admin password...at that
point your box is a zombie, but you got a really neat version of tetris
running.

>
>>> Clearly there's a better way to pull this off without interfering with
>>> automation, but there is a reason for it to be there in the first
>>> place.
>>
>> If it did any good, sure. But it's a false security measure that does
>> no
>> good at all.
>
> It educates people. Which apparently isn't working, at least for you. :)

Annoying people doesn't educate them. Considering that no where in Apple's
documentation is anything on what a malicious installer can do, obviously
they aren't that worried about it. If you had better security, that required
you to enter at least the login ID and password to run scripts in Mail, that
at least would be defensible...but an unauthorizing dialogue that any fool
can click and make go away? Nope, annoyware, not security.

john

--
"There may be no stupid questions, but there are an awful lot of
inquisitive idiots"

-Bill, digital.forest tech support
_______________________________________________
applescript-users mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/applescript-users
Do not post admin requests to the list. They will be ignored.
References: 
 >Re: OS 10.2 & Mail scripting has introduced a new wrinkle (From: cricket <email@hidden>)

  • Prev by Date: Re: OS 10.2 & Mail scripting has introduced a new wrinkle
  • Next by Date: Re: OS 10.2 & Mail scripting has introduced a new wrinkle
  • Previous by thread: Re: OS 10.2 & Mail scripting has introduced a new wrinkle
  • Next by thread: Re: OS 10.2 & Mail scripting has introduced a new wrinkle
  • Index(es):
    • Date
    • Thread