Re: disk:// and help:// security problems
Re: disk:// and help:// security problems
- Subject: Re: disk:// and help:// security problems
- From: Robert Goldsmith <email@hidden>
- Date: Tue, 18 May 2004 19:01:13 +0100
>
http://bronosky.com/pub/AppleScript.htm
Yes, I noticed this this morning and have advised everyone I know to
use either the IE preferences or MisFox to change the Help helper to
preview or Textedit (preview for those who don't want to see the script
command passed). There are very few limitations in what even a script
string passed in the url is capable of doing and, as pointed out, as
this doesn't require a dmg or anything to be downloaded, turning off
'open safe files' has no effect. After all, the applescript could
easily use curl to download anything it wants and run it from a known
location...
It is interesting to note that, according to talk on /. the problem is
only in 10.3 - 10.2 seems to be 'immune' so this was caused by a recent
braindread action on the part of an Apple developer rather than an old
one you could blame on 'didn't know better' ... Of course, Apple
removing the 'Helpers' preference pane in 10.3 didn't really help
either, nor does the use of CM coding for the preference file holding
all the settings :(
It is also very reminiscent to the Windows Help bug that was capable of
formatting your hard drive :(
The most common form of attack on platforms with few email client bugs
is via common protocols such as ssh, ftp, http/url coding etc. and
anyone working with this type of tcp connection must really think hard
of the knock-on consequences!
Robert
---
GnuPG public key:
http://www.Far-Blue.co.uk/
[demime 0.98b removed an attachment of type application/pgp-signature which had a name of PGP.sig]
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.