Re: Unsafe handlers revisited - Now Fixed

  • Subject: Re: Unsafe handlers revisited - Now Fixed
  • From: "John C. Welch" <email@hidden>
  • Date: Sun, 23 May 2004 04:39:53 -0500

On 5/23/04 2:59 AM, "Sander Tekelenburg" <email@hidden> wrote:

>> Ran some tests...if you disable the disk and disks URI scheme in launch
>> services, the Unsanity exploit fails to do anything.
>
> I hate to disappoint you but: only the one that uses the disk scheme schemes.
> There appear to be plenty more schemes that are more than willing to mount
> remote disk images. Already 2 POCs that use ftp have been published. Are you
> going to disable ftp too?

It opens up Transmit, and gives me a nice directory listing of the /idink
directory on unsanity.com. I'm sorry, was this expecting the Finder to
handle my FTP?

That doesn't strike me as a very reliable exploit, but if you haven't
changed anything, I imagine it could be.

>
> Read my update at
> <http://www.euronet.nl/~tekelenb/playground/security/URLschemes/>.

The other schemes don't work either. I find it simpler to just disable the
URI schemes or assign them to better applications. I don't see AFP being a
real problem here, but if someone wants to prove me wrong, by all means,
please do.

>
>
> The good news is that clearly none of this has anything to do with
> AppleScript (assuming the applescript: URL scheme is safe) so AppleScript's
> good name hopefully won't be trashed any further ;) So let's move this thread
> elsewhere. <news:comp.sys.mac.system> is appropriate.

The S/N ratio on newsgroups is utter garbage, so I gave up on them almost a
decade ago. Besides, this is appropriate to anyone developing on the Mac.

john

--
"Indentation?! -- I will show you how to indent when I indent your skull!"

- 9th most commonly uttered Klingon programmer phrase