
Severe security hole...



#1
MeeG

Check out http://secunia.com/advisories/18963/: there is the possibility of Safari executing malicious code remotely. One workaround is to turn off "Open Safe Files". The problem I had with that is a user may try to open the file anyway, so I created a workaround. It is a program that a user would set as their shell that gives a list of shells to use and would prevent the execution of any "Terminal File" without entering a shell. All you need to do is put the "selector" file where you would like it (I put it in /bin). Then open the terminal and go to the preferences window, and where it allows you to execute a command upon opening, enter the path of the selector file. The source code is very, very simple, so if anybody is interested let me know. I'll attach a copy of this program for anyone who would like to use it.




#2
domino

This has been posted already by DR. Jager...

Thanks for posting a zip file after they say, "Do not open files in ZIP archives originating from untrusted sources." :)

Test it from a reliable source: http://secunia.com/m...erability_test/

#3
Metrogirl

Hi MeeG. I'm sure you're a fine honest person but the problem is we just don't know. I won't remove the attachment (unless there are complaints) although I would warn anyone who downloads it to be careful - if MeeG would like to post the source we'd be happy to read it!

Edit - MeeG has posted his source below :P and it's really kind of him to offer the precompiled version which checks out OK. Thanks, MeeG.

#4
MeeG

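#include <stdio.h>
#include <stdlib.h>	/* system() */

int main (void)
{
	int in = 0;	/* stays 0 if the input is not a number */

	printf("Welcome to Mac OS X\nPlease select a shell:\n1 - BASH\n2 - TCSH\n3 - CSH\n4 - KSH\n5 - Exit\nWhich shell would you like? ");
	/* scanf returns the number of items converted; exit on bad input */
	if(scanf("%d", &in) != 1)
		return 0;
	if(in == 1)
	{
		system("clear");
		system("bash");
	}
	else
	if(in == 2)
	{
		system("clear");
		system("tcsh");
	}
	else
	if(in == 3)
	{
		system("clear");
		system("csh");
	}
	else
	if(in == 4)
	{
		system("clear");
		system("ksh");
	}
	else
	if(in == 5)
		return 0;

	/* any other number also exits without starting a shell */
	return 0;
}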
There ya go, compile it yourself if you'd like.
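
A hardened take on the selector above, as an added example that is not part of MeeG's post: it reads the menu choice with fgets/strtol so malformed input is rejected, and starts the chosen shell with execl on an absolute path, where system("bash") goes through /bin/sh -c and a PATH lookup. The shell paths and the helper names parse_choice and shell_for_choice are assumptions made for this example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Assumed install locations (stock Mac OS X layout); adjust per system. */
static const char *const SHELLS[] = {
	"/bin/bash", "/bin/tcsh", "/bin/csh", "/bin/ksh"
};
#define NSHELLS ((long)(sizeof SHELLS / sizeof SHELLS[0]))

/* Parse one line of menu input. Returns 1..NSHELLS+1 (the last value is
 * "Exit"), or -1 for empty input, trailing junk or out-of-range numbers. */
int parse_choice(const char *line)
{
	char *end;
	long v;

	errno = 0;
	v = strtol(line, &end, 10);
	if (end == line || errno == ERANGE)
		return -1;
	while (*end == ' ' || *end == '\t' || *end == '\n' || *end == '\r')
		end++;
	if (*end != '\0' || v < 1 || v > NSHELLS + 1)
		return -1;
	return (int)v;
}

/* Absolute path for a shell choice; NULL for "Exit" or invalid input. */
const char *shell_for_choice(int choice)
{
	return (choice >= 1 && choice <= NSHELLS) ? SHELLS[choice - 1] : NULL;
}

int main(void)
{
	char line[32];
	const char *path;

	printf("Please select a shell:\n1 - BASH\n2 - TCSH\n3 - CSH\n4 - KSH\n5 - Exit\nWhich shell would you like? ");
	fflush(stdout);
	if (fgets(line, sizeof line, stdin) == NULL)
		return 1;
	if ((path = shell_for_choice(parse_choice(line))) == NULL)
		return 0;
	/* execl replaces this process: no /bin/sh -c, no PATH lookup. */
	execl(path, path, (char *)NULL);
	perror(path);	/* only reached if the exec failed */
	return 127;
}
```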

#5
Metrogirl

MeeG, you're a star! :dev: Thank you!

#6
MeeG

Not a problem. I didn't think that posting a warning with a fix would be sketchy, but I understand where everyone is coming from; just trying to help out a little bit.

#7
A Nonny Moose

I downloaded Paranoid Android for the fix




