Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'About OS X 'trojan horses'' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
About OS X 'trojan horses'
Authored by: MaxMarino on May 12, '04 01:25:28PM

Apple should not do anything about it, MHO.

As a user the protection is simply to alias 'rm' to 'rm -i' and you are safe even from that script, should you get it, in that before doing anything rm asks for your authorization.

Note that -i is a stronger option than -f so untill you say 'yes' to all rm attempts nothing will happen.



[ Reply to This | # ]
About OS X 'trojan horses'
Authored by: mommsen on May 12, '04 01:49:15PM

If you replace rm -rf with /bin/rm -rf in above example you are back to square one. In addition your alias will have to defined regardless of the shell the malicious script will use. Therefore, an alias is only a very weak protection in this case.



[ Reply to This | # ]
About OS X 'trojan horses'
Authored by: hisbonenus on May 12, '04 01:55:28PM
As a user the protection is simply to alias 'rm' to 'rm -i'
How do you do that?

[ Reply to This | # ]
About OS X 'trojan horses'
Authored by: ilmungo on May 12, '04 02:04:57PM

actually, i tried aliasing rm to "rm -i"; it works as long as you use rm without arguments, and will ask for permission. however, if you use rm -f, it bypasses the permissions, and just deletes the file. is it just me?



[ Reply to This | # ]
About OS X 'trojan horses'
Authored by: samuelam on May 12, '04 02:17:08PM

You're correct.



[ Reply to This | # ]
About OS X 'trojan horses'
Authored by: dmarkman on May 12, '04 07:20:29PM

-i cancel PREVIOUS f, so if you created alias like rm -i and use it like
rm -rf it's essentially as /bin/rm -irf and it's exactly the same as rm -rf



[ Reply to This | # ]
About OS X 'trojan horses'
Authored by: maintain1 on May 13, '04 12:29:51PM

This is so funny. This is nothing more than a basic unix command. It is on EVERY UNIX-LIKE OS and has been for years and years.



[ Reply to This | # ]
About Mac OS X ‘trojan horses'
Authored by: davidbodonnell on May 13, '04 03:36:55PM

I'm as non-plused about this warning as I was about the last one from Intego, about another ‘exploit' that has been known about for years. I half expect them to breathlessly announce that there is a dangerous feature in Mac OS X whereby you can (gasp!) empty the trash without warning, and potentially delete important files!

Or better yet, warn that some nefarious person might write an AppleScript that would enable Postfix and then mail itself out to everyone in your Address Book, then give it the icon of a popular program. Oh, the horror! Start a letter writing campaign to Apple to get that awful, awful UNIX layer disabled immediately!



[ Reply to This | # ]
About OS X 'trojan horses'
Authored by: Pwong on May 17, '04 10:52:47AM

I am new to Unix. Can you pl tell me how to alias "rm" to "rm -i".
Thanks



[ Reply to This | # ]