[cap-talk] Mac exploit a confused deputy attack
radix42 at gmail.com
Sat Mar 4 22:44:14 EST 2006
On 2/28/06, Chris Hibbert <chris at pancrit.org> wrote:
> The end result is that an application (Safari, the browser) can decide
> that a file is safe to open, since it's only data (jpg, etc.) but once
> passed to the open() call, it turns out that a different application is
> used to open it, for instance Terminal, which treats it as a shell
> script. In that case, Safari was confused, but the user can also be
> confused by a file that appears to be a jpg or pdf, but is an arbitrary
> executable when opened.
This reminds me of a Unix trojan in the late 80s. It replaced a
binary executable owned by a user with a shell script that was padded
out to the length of the original that it replaced with whitespace.
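
A defender-side check for the two mismatches discussed in this thread, as an added example that is not part of the original posts: a file whose name claims a data type but whose content is a script, and a script padded with whitespace to reach a given size. The function names, the magic-byte table, the 0.5 padding threshold and the sample files are all assumptions made for illustration.

```python
import os

# Leading magic bytes for a few data types a browser might treat as "safe".
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
}

def trailing_whitespace_ratio(data):
    """Fraction of the file that is trailing whitespace (possible padding)."""
    if not data:
        return 0.0
    return (len(data) - len(data.rstrip(b" \t\r\n"))) / len(data)

def audit(name, data, pad_threshold=0.5):
    """Return findings where the claimed type (name) disagrees with the content."""
    findings = []
    ext = os.path.splitext(name)[1].lower()
    is_script = data.startswith(b"#!")  # interpreter line, e.g. a shell script
    expected = MAGIC.get(ext)
    if expected and not data.startswith(expected):
        findings.append("content-does-not-match-extension")
    if is_script and ext in MAGIC:
        findings.append("script-with-data-extension")
    # A script that is mostly trailing whitespace matches the padded-replacement trick.
    if is_script and trailing_whitespace_ratio(data) >= pad_threshold:
        findings.append("script-padded-with-whitespace")
    return findings

# Constructed samples (not real files): a genuine JPEG header, a script named
# like an image, and a script padded out with spaces under a binary's name.
SAMPLES = {
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 64,
    "holiday.jpg": b"#!/bin/sh\necho hello\n",
    "ls": b"#!/bin/sh\necho hello\n" + b" " * 4000,
}

def run_samples():
    return {name: audit(name, data) for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for name, findings in run_samples().items():
        print(name, findings or "ok")
```

The check only compares the name against the leading bytes; it does not model whatever other metadata the operating system uses to choose the opening application.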