Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Embed applications in TextEdit Apps
Open TextEdit, create a new document, and then drag in an application ("Clock", for example) from the Finder. You'll see a clock icon appear in your document. If you save the document, it will be in "rtfd" format, which the Finder tells me is "RTF with attachments." If you look at the size of the file, you'll see that, in fact, the entire app has been saved with the document! Now open the file you just saved. Double-click on the application icon (the clock, in this example). The application launches right from TextEdit!

I have no idea as to how this might be useful; maybe it's a standard data format (but I've never heard of embedding an application in an RTF document?). There's nothing in Apple's help about this 'feature', so this is about all I know. Anyone care to shed any more light on the subject?
    •    
  • Currently 1.71 / 5
  You rated: 5 / 5 (7 votes cast)
 
[5,279 views]  

Embed applications in TextEdit | 5 comments | Create New Account
Click here to return to the 'Embed applications in TextEdit' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Oh no...
Authored by: Anonymous on Apr 02, '01 08:41:31AM

...it sounds like this paves the way for the first OS X virus. It sounds like a great feature but the potential for abuse is great as well too.



[ Reply to This | # ]
Looks like a bug to me...
Authored by: lstewart on Apr 02, '01 06:12:20PM

I haven't tried this out for myself, but if it works this way, I have to agree with the previous comment: it sounds like a Microsoft-style security hole. I was thinking about why they would do such a thing, and the only *speculative* conclusion I could come to was the following:

Apple might use the same Cocoa-based RTF editing control in both TextEdit and Mail. This would explain why the text editor supports drag-and-drop "attachments." However, in both a TextEdit and a Mail context, it would seem that they ought to limit the control's ability to launch executable attachments--at least without warning users that the attachment may contain malicious code.

I guess maybe this security concern--executable attachments--didn't apply too much in the classic Mac world? Application files had two forks, and thus were rarely sent via email without first Stuffing them, or otherwise encoding them. (They usually had to be detached & decoded before they could actually execute, no?) That probably made it a bit harder for email viruses to propagate.



[ Reply to This | # ]
Looks like a bug to me...
Authored by: dstewart on Apr 06, '01 05:19:12PM

Bug??? A bug like this in Microsoft? No way. It was a feature. In Windows 3.x, this was one of the methods of Object Linking and Embedding (OLE). You could package an object, like an app, into many forms of documents. There was even a program, the Object Packager, that assisted you with making packages. Of course, it was probably used 6 times. I don't think it's there any more.



[ Reply to This | # ]
How it works
Authored by: _merlin on Apr 02, '01 06:41:42PM

I won't comment on the security, or lack of it, of the RTFD format, but I can explain how it works. An RTFD "file" isn't a file at all. It's really a NeXT bundle, like a Mac OS X application, font or nib file. It appears as a directory in terminal sessions, and you can get the Finder to display its contents. All the images, PDFs, movies, sounds, applications and other non-text content is stored in this directory, along with an RTF file containing the textual content and links to the embedded content. This is an easy way to create a composite document without resource forks or MIME encoding. I, personally, think RTFD is great. OmniWeb can save web pages as RTFD, complete with images and full formatting information. Soon other applications will be able to export to this format as well. Sure, the only operating systems that recognise it are Mac OS X and OpenStep, but this can only improve.

Vasantha Crabb



[ Reply to This | # ]
Security ramifications of emailed pkgs - was: How it works
Authored by: Anonymous on Apr 04, '01 07:08:35PM
If it is a MacOS X bundle (i.e., a directory), that saves you from a simple e-mail virus that you merely have to receive (like those nasty VBScript Outlook ones): if you get it in email, it will be tarred and encoded - it is static data.

However, it does provide the possibility that opening an attachment can spawn a virus. This, however, is widely the situation on the net and has been for years - open arbitrary things, and you don't know what you'll get. To be responsible, the Mail client ought to somehow tag the attachment as "untrusted", but how you do that in a general way when the attachment is simply a tar file is something I'm unsure about. For example, you might tag the file somehow, but the user might still simply use the standard gnutar to unwrap it. I suppose if the user's doing that, then they're knowledgeable enough not to shoot their own foot, but ya never know.....

You could at least hack Mail to check for the filename of the attachment. If it is .app or .rtfd, warn the user about executable code (or does Mail do this already?). For that matter, if an attachment's type is tar, then do a tar -t on it and warn of any files inside it that look like they might have executable code.



[ Reply to This | # ]