MeeG Posted February 21, 2006 Share Posted February 21, 2006 check out http://secunia.com/advisories/18963/ there is the possibility of safari executing malicious code remotely. One workaround is to turn of "Open Safe Files" the problem I had with that is a user may try to open the file anyway so I created a workaround. It is a program that a user would set as there shell that gives a a list of shells to use and would prevent the execution of any "Terminal File" without entering a shell. All you need to do is put the "selector" file where you would like it(I put it in /bin). Then open the terminal and go to the preferences window and where it allows you to execute a command upon opening enter the path of the selector file. The source code is very very simple so if anybody is interested let me know. I'll attach a copy of this program for anyone who would like to use it. selector.zip Link to comment https://www.insanelymac.com/forum/topic/9636-severe-security-hole/ Share on other sites More sharing options...
domino Posted February 21, 2006 Share Posted February 21, 2006 This has been posted already by DR. Jager... Thanks for posting a zip file after they say, "Do not open files in ZIP archives originating from untrusted sources." Test it from a reliable source: http://secunia.com/mac_os_x_command_execut...erability_test/ Link to comment https://www.insanelymac.com/forum/topic/9636-severe-security-hole/#findComment-60002 Share on other sites More sharing options...
Metrogirl Posted February 21, 2006 Share Posted February 21, 2006 Hi MeeG. I'm sure you're a fine honest person but the problem is we just don't know. I won't remove the attachment (unless there are complaints) although I would warn anyone who downloads it to be careful - if MeeG would like to post the source we'd be happy to read it! Edit - MeeG has posted his source below and it's really kind of him to offer the precompiled version which checks out OK. Thanks, MeeG. Link to comment https://www.insanelymac.com/forum/topic/9636-severe-security-hole/#findComment-60090 Share on other sites More sharing options...
MeeG Posted February 22, 2006 Author Share Posted February 22, 2006 #include <stdio.h> int main (void) { int in; printf("Welcome to Mac OS X\nPlease select a shell:\n1 - BASH\n2 - TCSH\n3 - CSH\n4 - KSH\n5 - Exit\nWhich shell would you like? "); scanf("%d", &in); if(in == 1) { system("clear"); system("bash"); } else if(in == 2) { system("clear"); system("tcsh"); } else if(in == 3) { system("clear"); system("csh"); } else if(in == 4) { system("clear"); system("ksh"); } else if(in == 5) return 0; return 0; } There ya go, compile it yourself if you'd like. Link to comment https://www.insanelymac.com/forum/topic/9636-severe-security-hole/#findComment-60166 Share on other sites More sharing options...
Metrogirl Posted February 22, 2006 Share Posted February 22, 2006 MeeG, you're a star! Thank you! Link to comment https://www.insanelymac.com/forum/topic/9636-severe-security-hole/#findComment-60169 Share on other sites More sharing options...
MeeG Posted February 22, 2006 Author Share Posted February 22, 2006 Not a problem I didn't think that posting a warning with a fix would be sketchy but I understand where everyone is coming from, just trying to help out a little bit. Link to comment https://www.insanelymac.com/forum/topic/9636-severe-security-hole/#findComment-60174 Share on other sites More sharing options...
A Nonny Moose Posted February 23, 2006 Share Posted February 23, 2006 I downloaded Paranoidaranoid Android for the fix Link to comment https://www.insanelymac.com/forum/topic/9636-severe-security-hole/#findComment-61225 Share on other sites More sharing options...
Recommended Posts