[e-lang] Mac exploit a confused deputy attack
chris at pancrit.org
Tue Feb 28 12:18:26 EST 2006
According to TidBits, (http://db.tidbits.com/getbits.acgi?tbart=08437)
the recent Mac exploits are due to OS X supporting a variety of
mechanisms for specifying what application to use to open a file. The
file extension, legacy metadata from OS 9 days, and invisible metadata
(in the resource fork) added for OS X all compete to declare the
application. In addition, the icon displayed
can be defaulted from one of those, or specified explicitly per-file in
a separate resource.
The end result is that an application (Safari, the browser) can decide
that a file is safe to open, since it's only data (jpg, etc.) but once
passed to the open() call, it turns out that a different application is
used to open it, for instance Terminal, which treats it as a shell
script. In that case, Safari was confused, but the user can also be
confused by a file that appears to be a jpg or pdf, but is an arbitrary
executable when opened.
There's a separate report on the effect on Safari at
(http://db.tidbits.com/getbits.acgi?tbart=08436). I wasn't able to read
the NYTimes article that Norm mentioned on design at fudco.
protecting privacy in the computer age is
like trying to change a tire on a moving car.
hibbert at mydruthers.com
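
A small model of the mismatch described in the message above, added here as an illustration and not part of the original post or of any Apple code: one function decides "safe" from the extension alone, another models the opener choosing a handler from competing metadata, and a consistent check asks the same resolver the opener uses. The field names, handler tables and precedence order are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

# All names and tables below are constructed for illustration.
DATA_EXTENSIONS = {"jpg", "jpeg", "pdf"}            # what the checker calls "only data"
DATA_VIEWERS = {"Preview"}                          # handlers that only render data
EXTENSION_HANDLERS = {"jpg": "Preview", "jpeg": "Preview",
                      "pdf": "Preview", "command": "Terminal"}

@dataclass
class FileInfo:
    name: str
    legacy_handler: Optional[str] = None    # models OS 9-era metadata
    per_file_handler: Optional[str] = None  # models resource-fork metadata

def extension(f: FileInfo) -> str:
    return f.name.rsplit(".", 1)[-1].lower() if "." in f.name else ""

def resolve_handler(f: FileInfo) -> Optional[str]:
    """Model of the opener. Assumed precedence: per-file, legacy, extension."""
    return (f.per_file_handler or f.legacy_handler
            or EXTENSION_HANDLERS.get(extension(f)))

def extension_only_check(f: FileInfo) -> bool:
    """The confused check: trusts the extension, ignores the other mechanisms."""
    return extension(f) in DATA_EXTENSIONS

def handler_aware_check(f: FileInfo) -> bool:
    """Consistent check: asks the opener's resolver and allows only data viewers."""
    return resolve_handler(f) in DATA_VIEWERS

def mismatches(files):
    """Files the extension check would pass but that resolve to a non-viewer."""
    return [(f.name, resolve_handler(f)) for f in files
            if extension_only_check(f) and not handler_aware_check(f)]

SAMPLE = [  # constructed sample files
    FileInfo("holiday.jpg"),
    FileInfo("photo.jpg", per_file_handler="Terminal"),
    FileInfo("report.pdf", legacy_handler="Terminal"),
    FileInfo("setup.command"),
]

if __name__ == "__main__":
    for name, handler in mismatches(SAMPLE):
        print(f"{name}: looks like data, would be opened by {handler}")
```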