MeeG Posted February 21, 2006 Share Posted February 21, 2006 check out http://secunia.com/advisories/18963/ there is the possibility of safari executing malicious code remotely. One workaround is to turn of "Open Safe Files" the problem I had with that is a user may try to open the file anyway so I created a workaround. It is a program that a user would set as there shell that gives a a list of shells to use and would prevent the execution of any "Terminal File" without entering a shell. All you need to do is put the "selector" file where you would like it(I put it in /bin). Then open the terminal and go to the preferences window and where it allows you to execute a command upon opening enter the path of the selector file. The source code is very very simple so if anybody is interested let me know. I'll attach a copy of this program for anyone who would like to use it. selector.zip Link to comment Share on other sites More sharing options...
domino Posted February 21, 2006 Share Posted February 21, 2006 This has been posted already by DR. Jager... Thanks for posting a zip file after they say, "Do not open files in ZIP archives originating from untrusted sources." Test it from a reliable source: http://secunia.com/mac_os_x_command_execut...erability_test/ Link to comment Share on other sites More sharing options...
Metrogirl Posted February 21, 2006 Share Posted February 21, 2006 Hi MeeG. I'm sure you're a fine honest person but the problem is we just don't know. I won't remove the attachment (unless there are complaints) although I would warn anyone who downloads it to be careful - if MeeG would like to post the source we'd be happy to read it! Edit - MeeG has posted his source below and it's really kind of him to offer the precompiled version which checks out OK. Thanks, MeeG. Link to comment Share on other sites More sharing options...
MeeG Posted February 22, 2006 Author Share Posted February 22, 2006 #include <stdio.h> int main (void) { int in; printf("Welcome to Mac OS X\nPlease select a shell:\n1 - BASH\n2 - TCSH\n3 - CSH\n4 - KSH\n5 - Exit\nWhich shell would you like? "); scanf("%d", &in); if(in == 1) { system("clear"); system("bash"); } else if(in == 2) { system("clear"); system("tcsh"); } else if(in == 3) { system("clear"); system("csh"); } else if(in == 4) { system("clear"); system("ksh"); } else if(in == 5) return 0; return 0; } There ya go, compile it yourself if you'd like. Link to comment Share on other sites More sharing options...
Metrogirl Posted February 22, 2006 Share Posted February 22, 2006 MeeG, you're a star! Thank you! Link to comment Share on other sites More sharing options...
MeeG Posted February 22, 2006 Author Share Posted February 22, 2006 Not a problem I didn't think that posting a warning with a fix would be sketchy but I understand where everyone is coming from, just trying to help out a little bit. Link to comment Share on other sites More sharing options...
A Nonny Moose Posted February 23, 2006 Share Posted February 23, 2006 I downloaded Paranoidaranoid Android for the fix Link to comment Share on other sites More sharing options...
Recommended Posts