Re: AppleScript & HTML Again...
- Subject: Re: AppleScript & HTML Again...
- From: Michael Terry <email@hidden>
- Date: Thu, 25 Mar 2004 17:56:26 -0800
On Mar 25, 2004, at 4:34 PM, John C. Welch wrote:
> Actually, it's not. The release notes don't say a word about what, if any considerations were given to security. For a network application, that's critical. There's no way to set any sort of prefs to lock down access, or require any sort of authentication.
Lock down access to what? Everything running is on the user's machine,
local. The helper application, Missing Link, is installed locally. It
can launch whatever files, executable or not, are installed locally by
clicking on a special type of link. Ye gods, man, if the user can't
trust the files he has installed and that he specifically asks to
launch with Missing Link, what has he got them installed for?!
Just to be clear in case anyone is confused, when you click a link,
activity only happens on your own computer. It doesn't execute code on
a remote computer and it doesn't execute code embedded in the web page.
Here are the only 2 security issues I've been able to think of so far:
1. Someone figures out you have Missing Link installed and sends you an
e-mail with a link that, when clicked, launches an application or
script at a known path in a regular install of OS X. Maybe Peter can
clarify whether this is possible with a regular install, but in any
case, that's an annoyance and extremely unlikely.
2. Someone figures out you have Missing Link installed and tricks you
into installing a malicious executable file. Then he sends you a link
and tricks you into clicking on that, which launches an executable that
swallows your /System directory and digests it over the course of a
thousand years.
In order for this clever subterfuge to work, the following must be true:
1. The user must have Missing Link installed, with the default protocol
scheme.
2. The user must broadcast this such that someone finds out.
3. The someone who finds out must be knowledgeable about Missing Link,
AppleScript, and Mac OS.
4. The someone who finds out must be a sniveling, contemptible punk
(not likely given #3).
5. The user must be easily fooled into clicking on unverified links in
HTML mail, or doesn't bother to look at the location of links in his
text mail.
6. The user must be easily fooled into installing random executable
files on his machine.
Of course, if our user were really this dumb, why not just send him the
executable in the first place and tell him to run it himself?
> So the entire thing is a "trust me" application, with no way to verify this is a good idea or not.
Well, I have a bunch of internet helper applications installed that I
trusted for reasons other than seeing the source code. I trusted Peter
Bunn enough to give his system a try.
> I could live without the source code access if the application notes indicated what steps were taken / considerations given to security. There are none. If the developer were well known, then that would be another way for me to determine security issues. But none of this is true. So I'm supposed to blindly trust that an application designed to allow remote execution of AppleScripts via a totally insecure method is "okay"?
Ahhhh, finally I see the fatal misunderstanding. Missing Link doesn't
execute remote AppleScripts, they're local. Right, Peter? I'm pretty
sure that hasn't changed since the last time I tried it.
> As far as "using it the way the developer intends", well, that's not why it's called "cracking".
There's just nothing to crack, as far as I know. That's why I asked for
an example.
The point about using it as it's intended is that nothing can protect a
user from himself, ultimately--you can't blame the developer for that.
If I want to 'tell app "Finder" to delete the entire contents of the
startup disk', I'm pretty sure Christopher Nebel will just chuckle at
my stupidity for a moment, before moving on to important things.
If you use Missing Link as an interface for a local script application,
you've got no risk, or at least no more than for any other application
you've got. Hell, turn off your internet connection. That won't affect
Missing Link, because nothing's going on over the network.
Mike