[unisog] Macintosh Safari Scripts - Hype or Hack?
flynngn at jmu.edu
Tue Feb 21 11:47:58 GMT 2006

Not being familiar enough with Macintosh to assess the
risk posed by the discovery being reported by Michael Lehn
and being repeated on the SANS and heise.de web sites,
I was hoping for some knowledgeable input here.

Obviously, if anyone can put a file on a web site that
will run unix shell scripts if hit by a Safari browser,
this is extremely serious. I keep seeing the word

Yet the heise.de site says,

"If the user has assigned the Finder to open scripts
using the Terminal, this will happen automatically."

That sounds like something needs to be changed from
default. One person I asked said,

"It seems to me that the user would have had to have done a Get
Info on an AppleScript file, changed the "Open With..." to
Terminal, and then clicked on "Change All..." sometime
beforehand for this situation to exist. This is a *highly*
unlikely sequence of events--I can't imagine a reason for
doing it (Terminal isn't a text editor) and have never heard
anyone suggest doing it. So while it *is* an exploit, it's
got practically a zero chance of actually affecting anyone
assuming that I understand things correctly."

Can you folks more conversant in Macintosh tell us
what is really going on? Is this thing exploitable
in a default configuration and, if not, under what
circumstances would an operator or application change

James Madison University