Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Check items on Desktop for execute privileges System
I wrote an AppleScript to check all files on the Desktop for execute permissions. This ensures that, when you download files to your desktop, they cannot be 'run' by Terminal. (Just to make sure that those screenshots you downloaded of Leopard really are pictures, not UNIX code.)
The AppleScript works by running as a Folder Action for your desktop, and it displays a Growl notification if something is amiss. Here it is:

on adding folder items to this_folder after receiving added_items
	
	-- Run the terminal command.
	set theResult to do shell script "find ~/Desktop -type f -perm +111 -print"
	
	-- If it returned something, then display a Growl notification.
	if theResult is not "" then
		tell application "GrowlHelperApp"
			-- Make a list of all the notification types 
			-- that this script will ever send:
			set the allNotificationsList to 
				{"Executable File on Desktop"}
			
			-- Make a list of the notifications 
			-- that will be enabled by default.      
			-- Those not enabled by default can be enabled later 
			-- in the 'Applications' tab of the growl prefpane.
			set the enabledNotificationsList to 
				{"Executable File on Desktop"}
			
			-- Register our script with growl.
			-- You can optionally (as here) set a default icon 
			-- for this script's notifications.
			register as application 
				"Desktop Folder Action AppleScript" all notifications allNotificationsList 
				default notifications enabledNotificationsList
			
			-- Send a Notification...
			notify with name 
				"Executable File on Desktop" title 
				"Executable File on Desktop" description "The file(s) " & theResult & 
				" have execute permissions and could be dangerous to your computer" application name 
				"Desktop Folder Action AppleScript" icon of file "~/Desktop/"
		end tell
	end if
end adding folder items to

Set this AppleScript to a folder action for your Desktop, and make sure that your browser downloads files to the desktop. Also, as is, this only works with Growl, but it would probably be easy to change so it works with other things as well.

[kirkmc adds: I haven't tested this. Whether this serves any real purpose, given that Apple has "fixed" the problem with auto-execution of downloads, is up in the air: it might not have much practical value. However, who knows if there won't be another security hole that allows something similar. Who was it who said that only the paranoid survive?]
    •    
  • Currently 1.50 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (2 votes cast)
 
[7,054 views]  

Check items on Desktop for execute privileges | 6 comments | Create New Account
Click here to return to the 'Check items on Desktop for execute privileges' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Check items on Desktop for execute privileges
Authored by: munkt0n on May 05, '06 08:24:30AM

Hi, I'm new here, I love this site, loads of useful info.

any chance of adding a 'select code' button? when I click inside the code box and do ctrl/command + a to select all it selects the entire page.



[ Reply to This | # ]
downloadable code
Authored by: sjk on May 05, '06 03:25:47PM
Even better, code that's posted here could have a linked version so it could be downloaded and avoid any copy/paste errors. The longer code examples posted in-line with comments are top candidates for downloadable copies.

decaffeinated archive's recent Submit, publish, comment, rinse, repeat article make some good points about the drawbacks of how hints/comments are managed here. However, I disagree that a Wiki would be an ideal solution.

[ Reply to This | # ]
Check items on Desktop for execute privileges
Authored by: frgough on May 05, '06 10:34:37AM

Apple slapped a band-aid on the original exploit, but not on the fundamental flaw, which is the ability for one file type to masquerade as another.



[ Reply to This | # ]
Check items on Desktop for execute privileges
Authored by: CajunLuke on May 05, '06 01:03:08PM

Ok, this finally pushed me over to getting Growl. I haven't seen the point until now, but I don't want to bother with changing this to "display dialog".



[ Reply to This | # ]
Check items on Desktop for execute privileges
Authored by: Spartacus on May 06, '06 02:42:09AM
Whether this serves any real purpose, given that Apple has "fixed" the problem with auto-execution of downloads, is up in the air: it might not have much practical value.
Because you never double-click any file that you have downloaded?

[ Reply to This | # ]
performance
Authored by: sjk on May 06, '06 01:15:37PM
Set this AppleScript to a folder action for your Desktop, and make sure that your browser downloads files to the desktop.
At least for performance benefits, some people might prefer using a separate folder for downloaded files and assigning the Folder Action to it (with the correct download folder name) instead of using a Desktop that's cluttered with other files/folders. Previous hints+comments have discussed the advantages of keeping a relatively uncluttered Desktop.

[ Reply to This | # ]