Severe security hole...

WeeZer51402

WeeZer51402

Registered
check out http://secunia.com/advisories/18963/ there is the possibility of safari executing malicious code remotely. One workaround is to turn of "Open Safe Files" the problem I had with that is a user may try to open the file anyway so I created a workaround. It is a program that a user would set as there shell that gives a a list of shells to use and would prevent the execution of any "Terminal File" without entering a shell. All you need to do is put the "selector" file where you would like it(I put it in /bin). Then open the terminal and go to the preferences window and where it allows you to execute a command upon opening enter the path of the selector file. The source code is very very simple so if anybody is interested let me know. I'll attach a copy of this program for anyone who would like to use it.
 

Attachments

  • selector.zip
    19.5 KB · Views: 4
Mac OS has always been confused with its filetypes/suffixes/creator codes/etc so it is not really surprising that a disguised shell script will be opened with minimal effort. Hopefully apple will come out with a patch soon, although the problem lies more with directory services (although i confuse all these new-fangled things) more than with safari. Even a malformed jpeg viewed in Mail.app would have the same effect. In the meantime this is probably the only viable way to complete trump the problem, since Mail.app has minimal protection against this sort of thing.

Thanks for your time and effort!
graham
 
Hi there,

A question, not being so much of a nix guru as some here. I opened your 'selector' file in textedit, and its huge and indecipherable. How come? I would have thought this would have been a very small script in plain text.

Your in paranoia

ora
 
It isn't a script, the file was written in c so you opened the binary in textedit thats why you got all that garbage. If you'd like I can post the source code. In the mean time I'll be working on a gui installer for this app so its easier for the end user to implement. Hopefully that will be done by the end of the day. I'll also recompile it as a univeral app so people with intel macs can run it natively. This is the best workaround that i can think of for now but if anybody has any other ideas or questions please post them.
 
Here is the source code for anybody who is a little weary of my file. It wasn't accepted very well over at osx86project.org.
Code: 
#include <stdio.h>

int main (void) 
{
	int in;	
		
	printf("Welcome to Mac OS X\nPlease select a shell:\n1 - BASH\n2 - TCSH\n3 - CSH\n4 - KSH\n5 - Exit\nWhich shell would you like? ");
	scanf("%d", &in); 
	if(in == 1)
	{
		system("clear");
		system("bash");
		
	}
	else
	if(in == 2)
	{
		system("clear");
		system("tcsh");
	}
	else
	if(in == 3)
	{
		system("clear");
		system("csh");
	}
	else
	if(in == 4)
	{
		system("clear");
		system("ksh");
	}
	else
	if(in == 5)
		return 0;
	
	
	
	
    return 0;
}
 
Ahh, that explains it, pardon my wariness, it sounded like a very good idea, i just felt i should ask. Interesting how many people will install anything as long as it has a legit looking website, but people are vary of clever work by individuals like this.
 
You must log in or register to reply here.
Back
Top