SERIOUS potential security flaw in OSX?

[z4ph0d]

I remember reading somewhere that Explorer writes to various files on your disk if the disk is full. Amongst others, the file .DS_Store was apparently affected. A couple of days ago, I remebered seeing the system trying to launch a .DS_Store file from my StartupItems folder. I would consider this a huge security hole, as malicious code in a browser could potentially fill the .DS_Store file with code, wich in turn would be executed on a system boot. Am I just being paranoid, or could this be a threat to us MacOSX users?

 

[voice-]

This is something I see as a bitg threat. The first thing Apple should do is to protect the file. Then I wish that Explorer stops being released with OS X(10.2 comes after the deal has ended, right?). Put OmniWeb in there, or Mozilla. iCab is fine, and so will Chimera be when background tabs and stability is there.

 

[z4ph0d]

Sup voice- LTNS!

I digress....

How come apple hasn't hidden the .DS_Store file somewhere, maybe even have just one .DS_Store file with system-only write-access? Bugs me bigtime when I'm burning ISO/Joliet CD's and all folders have a .DS_Store file in them. The .DS_Store file can actually contain parts of your volume hierarchy, wich is a very bad thing if you distribute CD's to clients and the likes....

 

[roger]

If you had a single .DS_Store it would be getting a bit like the win32 registry. I am not a fan of the windows registry.

R.

 

[z4ph0d]

No, but I read an article regarding IE cache and full drives. When IE tried to write to a full disk, it instead spilled cache data over on multiple files on your HD, including .DS_Store. If you rename an executable to .DS_Store, won't you be able to launch it after a rehash? In any case its reassuring to know the system won't lauch any old file hanging around in the StartupItems directory.