Check items on Desktop for execute privileges

May 05, '06 07:30:00AM

Contributed by: galendw

I wrote an AppleScript to check all files on the Desktop for execute permissions. This ensures that, when you download files to your desktop, they cannot be 'run' by Terminal. (Just to make sure that those screenshots you downloaded of Leopard really are pictures, not UNIX code.)
The AppleScript works by running as a Folder Action for your desktop, and it displays a Growl notification if something is amiss. Here it is:

on adding folder items to this_folder after receiving added_items
	
	-- Run the terminal command.
	set theResult to do shell script "find ~/Desktop -type f -perm +111 -print"
	
	-- If it returned something, then display a Growl notification.
	if theResult is not "" then
		tell application "GrowlHelperApp"
			-- Make a list of all the notification types 
			-- that this script will ever send:
			set the allNotificationsList to ¬
				{"Executable File on Desktop"}
			
			-- Make a list of the notifications 
			-- that will be enabled by default.      
			-- Those not enabled by default can be enabled later 
			-- in the 'Applications' tab of the growl prefpane.
			set the enabledNotificationsList to ¬
				{"Executable File on Desktop"}
			
			-- Register our script with growl.
			-- You can optionally (as here) set a default icon 
			-- for this script's notifications.
			register as application ¬
				"Desktop Folder Action AppleScript" all notifications allNotificationsList ¬
				default notifications enabledNotificationsList
			
			-- Send a Notification...
			notify with name ¬
				"Executable File on Desktop" title ¬
				"Executable File on Desktop" description "The file(s) " & theResult & ¬
				" have execute permissions and could be dangerous to your computer" application name ¬
				"Desktop Folder Action AppleScript" icon of file "~/Desktop/"
		end tell
	end if
end adding folder items to

Set this AppleScript to a folder action for your Desktop, and make sure that your browser downloads files to the desktop. Also, as is, this only works with Growl, but it would probably be easy to change so it works with other things as well.

[kirkmc adds: I haven't tested this. Whether this serves any real purpose, given that Apple has "fixed" the problem with auto-execution of downloads, is up in the air: it might not have much practical value. However, who knows if there won't be another security hole that allows something similar. Who was it who said that only the paranoid survive?]

Comments (7)


Mac OS X Hints
http://hints.macworld.com/article.php?story=20060429145035560