6 replies to this topic

[MeeG]

check out http://secunia.com/advisories/18963/ there is the possibility of safari executing malicious code remotely. One workaround is to turn of "Open Safe Files" the problem I had with that is a user may try to open the file anyway so I created a workaround. It is a program that a user would set as there shell that gives a a list of shells to use and would prevent the execution of any "Terminal File" without entering a shell. All you need to do is put the "selector" file where you would like it(I put it in /bin). Then open the terminal and go to the preferences window and where it allows you to execute a command upon opening enter the path of the selector file. The source code is very very simple so if anybody is interested let me know. I'll attach a copy of this program for anyone who would like to use it.

Attached Files

•  selector.zip   4.46KB   18 downloads

[domino]

This has been posted already by DR. Jager...

Thanks for posting a zip file after they say, "Do not open files in ZIP archives originating from untrusted sources."

Test it from a reliable source: http://secunia.com/m...erability_test/

[Metrogirl]

Hi MeeG. I'm sure you're a fine honest person but the problem is we just don't know. I won't remove the attachment (unless there are complaints) although I would warn anyone who downloads it to be careful - if MeeG would like to post the source we'd be happy to read it!

Edit - MeeG has posted his source below and it's really kind of him to offer the precompiled version which checks out OK. Thanks, MeeG.

[MeeG]

#include <stdio.h>

int main (void) 
{
	int in;	
		
	printf("Welcome to Mac OS X\nPlease select a shell:\n1 - BASH\n2 - TCSH\n3 - CSH\n4 - KSH\n5 - Exit\nWhich shell would you like? ");
	scanf("%d", &in); 
	if(in == 1)
	{
		system("clear");
		system("bash");
		
	}
	else
	if(in == 2)
	{
		system("clear");
		system("tcsh");
	}
	else
	if(in == 3)
	{
		system("clear");
		system("csh");
	}
	else
	if(in == 4)
	{
		system("clear");
		system("ksh");
	}
	else
	if(in == 5)
		return 0;
	
	
	
	
	return 0;
}

There ya go, compile it yourself if you'd like.

[Metrogirl]

MeeG, you're a star! Thank you!

[MeeG]

Not a problem I didn't think that posting a warning with a fix would be sketchy but I understand where everyone is coming from, just trying to help out a little bit.

[A Nonny Moose]

I downloaded Paranoidaranoid Android for the fix