Re: Major Tiger AppleScript security hole?
Re: Major Tiger AppleScript security hole?
- Subject: Re: Major Tiger AppleScript security hole?
- From: Martin Orpen <email@hidden>
- Date: Thu, 23 Jun 2005 17:25:45 +0100
on 23/6/05 16:26, Stephen Jonke at email@hidden wrote:
> Then I created a test file "test.txt" in my (user sjonke) home
> folder, and set the privileges such that only I had read/write
> access, with the group and other set to no access. I then tried this
> at the terminal, logged in as the other and non-admin user:
>
> osascript -e 'tell app "Finder" to delete file "test.txt" of home'
Isn't that because su isn't really the same as being logged in as that
specific user?
If it were then the term "HOME" would have meant *that* users home - not
yours. ISTR that most of the shell commands still use your genuine ID unless
you use additional modifiers.
Try:
su [login] -c [your admin-only command]
And see if it still works. Or do a proper user switch and see what happens.
Regards
--
Martin Orpen
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Applescript-users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden