Lists

Open Menu Close Menu

Terms and Conditions
Lists hosted on this site
Email the Postmaster
Tips for posting to public mailing lists

Re: Applescript (Quicktime) "with replacing" bug

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Applescript (Quicktime) "with replacing" bug

Subject: Re: Applescript (Quicktime) "with replacing" bug
From: Emmanuel <email@hidden>
Date: Wed, 19 Dec 2007 17:10:06 +0100

At 10:23 AM -0500 12/19/07, Mark J. Reed wrote:

Uhm, yeah.  Even Unix, the king of the "But what if the user *wants*
to shoot himself in the foot?" design philosophy, refuses to replace a
directory with a single file.  You have to explicitly move or remove
the dir first.   I'm pretty sure "with replacing" is not intended to
be quite this powerful.  But even if it is, the real worrisome part is
the reported privilege escalation (assuming it's real; haven't
confirmed).

In case this can save some time to someone some day, I remember a user's report on this list where the poor victim erased his home folder with the same kind of trick, asking TextEdit to save "in" the Home folder.

Once the "save" complete, his Home folder was definitely nothing more than a "Unix executable" icon with a size of 4 KB.

Emmanuel
_______________________________________________
Do not post admin requests to the list. They will be ignored.
AppleScript-Users mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
Archives: http://lists.apple.com/archives/applescript-users

This email sent to email@hidden

References:
	>Re: Applescript (Quicktime) "with replacing" bug (From: "Nigel Garvey" <email@hidden>)
	>Re: Applescript (Quicktime) "with replacing" bug (From: "Mark J. Reed" <email@hidden>)

Prev by Date: How to start/restart the Finder from an AS app?
Next by Date: Re: How to start/restart the Finder from an AS app?
Previous by thread: Re: Applescript (Quicktime) "with replacing" bug
Next by thread: opening a file with the filename unknown
Index(es):
- Date
- Thread