Comment from my email...
Authored by: robg on May 12, '04 02:25:32PM
Robert emailed this to me and gave me permission to post; he doesn't have an account, but I thought he raised some interesting options. He writes:
The ability for AppleScript to execute Unix commands is a very valuable feature that I use, and would hate to see it disabled. I use the do shell script line many times, and I can't imagine how else I can process files without that bridge between an application and Unix.

I think the best way to combat this is with three approaches.
  1. Remove the feature that permits AppleScript to make files uneditable. Let us always be able to see AppleScript code.
  2. Provide for the user, a switch in the preferences, defaulted to on, which disables (or prompts for confirmation) any call to 'do shell script', along with the code. Since the number of commands in Unix is finite, an enhancement would be to translate shell scripts to English to help people understand what's going on. (i.e.: 'rm' gets translated to 'delete', -r translates to 'recursively', -f translates to 'without prompting for confirmation', and ~ translates to 'your home directory'.)
  3. Provide a tool that can be run by the user on all suspicious files that will look for 'do shell scripts', and translate the script into English (as described above).
I like the concept of a "shell to English" converter; that would help people understand (at least somewhat) what a given script may do...

-rob.

[ Reply to This | # ]
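Added example, not part of Robert's email or of any post in this thread: the "shell to English" tool from points 2 and 3, written in Python and using only the four translations the email names. The function names and the sample script text are assumptions; it reads only string literals that directly follow `do shell script` in editable script source, so run-only scripts and Finder commands are outside its view.

```python
import re
import shlex

# Vocabulary from the email above; every other word is passed through, marked.
VERBS = {"rm": "delete"}
FLAGS = {"rm": {"r": "recursively", "f": "without prompting for confirmation"}}

# A string literal directly after `do shell script` (allows \" and \\ inside).
CALL = re.compile(r'do shell script\s+"((?:[^"\\]|\\.)*)"')

def shell_commands(source):
    """Return the literal command strings handed to `do shell script`."""
    return [re.sub(r'\\(["\\])', r"\1", m.group(1)) for m in CALL.finditer(source)]

def to_english(command):
    """Gloss one simple command; never guess at what the vocabulary lacks."""
    if re.search(r"[;|&$`<>()]", command):  # compound or expanding command
        return "[not translated, review by hand: %s]" % command
    try:
        words = shlex.split(command)
    except ValueError:  # unbalanced quotes
        return "[not translated, review by hand: %s]" % command
    if not words:
        return ""
    name, seen, targets = words[0], [], []
    for w in words[1:]:
        if w.startswith("-") and not w.startswith("--") and len(w) > 1:
            seen.extend(w[1:])  # -fr, -rf and -r -f all mean the same thing
        else:  # "~" and "~/x" name the home directory; other words stay as-is
            targets.append(re.sub(r"^~(?=/|$)", "your home directory", w))
    known = FLAGS.get(name, {})
    notes = [known[c] for c in known if c in seen]
    notes += ["[untranslated: -%s]" % c for c in dict.fromkeys(seen) if c not in known]
    verb = VERBS.get(name, "[untranslated: %s]" % name)
    return ", ".join([" ".join([verb] + targets)] + notes)

def report(source):
    return [(c, to_english(c)) for c in shell_commands(source)]

# Constructed sample script text (not from the page); nothing here is executed.
SAMPLE = r'''
tell application "Finder" to display dialog "Welcome"
do shell script "rm -fr ~/Documents/Old"
do shell script "rm -r \"/tmp/my cache\""
do shell script "rm -rf ~; true"
'''

if __name__ == "__main__":
    for command, gloss in report(SAMPLE):
        print("%s => %s" % (command, gloss))
```

Anything the four-word vocabulary cannot express is shown verbatim and marked rather than dropped, so the gloss never reads as more reassuring than the command it describes.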
Comment from my email...
Authored by: etrepum on May 12, '04 02:35:41PM

That wouldn't solve anything. AppleScript isn't the only vector for trojan horses.

A decompiler for AppleScript is definitely possible.. though I'm not really sure it would be worth it.



[ Reply to This | # ]
Regarding the switch in the preferences
Authored by: hamarkus on May 12, '04 03:18:44PM

Regarding the switch in the preferences, unfortunately, a lot of (X11) programs use shell scripts (e.g. Matlab uses one for its start-up).

One could still use the switch together with a list of exempted scripts/programs, but every programmer using shell scripts would have to put it in their ReadMe that there will be a message about it the first time you run the program.

Another idea would be for OS X to create instantaneous internal back-ups of parts of the User folder and assigning these back-ups to another user. These back-ups could be done for some of the stuff in ~/Library and other files or folders a user specifies. They would be protected by a special password.



[ Reply to This | # ]
Comment from my email...
Authored by: GaelicWizard on May 12, '04 04:30:30PM
2. Provide for the user, a switch in the preferences, defaulted to on, which disables (or prompts for confirmation) any call to 'do shell script', along with the code. Since the number of commands in Unix is finite, an enhancement would be to translate shell scripts to English to help people understand what's going on. (i.e.: 'rm' gets translated to 'delete', -r translates to 'recursively', -f translates to 'without prompting for confirmation', and ~ translates to 'your home directory'.)
I disagree. This is in the same spirit as disabling "do shell script" altogether, and doesn't help. AppleScript can just as easily tell the Finder to move "~" to the trash, then tell Finder to empty the trash. It will work. No confirmation either.

I would support, however, an option to default to "open for editing" for ALL AppleScripts (and make them all editable).

---
Pell

[ Reply to This | # ]

Comment from my email...
Authored by: TicToc on May 12, '04 05:56:10PM

...and so in order to protect users from evildoers exploiting their ignorance, we destroy in one stroke all (well, much) income derived by anyone making money from writing & distributing AppleScripts. If you can read the code, you can edit it, and spot & remove any registration lock.

I know this is tangential, but I guess that's the point. Using technical solutions to social problems will always have unintended side effects - and won't necessarily work.

Anyone want to start a thread about how copy protection & registration locks shouldn't be allowed because they're a technical fix to a social problem? Nooooo.....



[ Reply to This | # ]
Comment from my email...
Authored by: jasont on May 12, '04 06:57:46PM

'Suppress all further warnings is good'

asking permission to delete an entire user's home directory is good too

...AppleScripts from authors who don't contribute to helping other ppl code (a little post here, a little newsgroup reply there) = not worth paying a dime for. That's a lot of ppl's introduction to coding.

What's up w/ the ppl who type -fr (are they second guessing typers, french, or did they memorize the commands alphabetically)?



[ Reply to This | # ]
Comment from my email...
Authored by: Graff on May 12, '04 07:13:09PM

The danger is not in the "do shell script" command, disabling it will only close down one of several possible routes to do damage. For example, here is a straight AppleScript way to do similar damage:

!!!! CAREFUL, YOU CAN DO SERIOUS DAMAGE IF YOU RUN THIS SCRIPT !!!!


tell application "Finder"
	-- !!! CAUTION !!!
	-- if you uncomment the next line you will delete your home directory
	-- delete (path to home folder)
	empty trash
end tell

I can create a similar program in Java, Cocoa, Carbon, or whatever. You can never fully close off this sort of problem, all you can do is make life more difficult for yourself as you shut down all of the ways that this can be done.

The solution is simply to be careful about the source of programs and files. If you are not certain about a file then create a dummy user account and open it in there. Also keep backups of your important files in case you do make a mistake and run something that destroys your home directory.

- Graff



[ Reply to This | # ]
Comment from my email...
Authored by: sjmills on May 13, '04 12:01:56AM
Remove the feature that permits AppleScript to make files uneditable. Let us always be able to see AppleScript code.

There are many people and companies that make money writing AppleScript scripts, and they protect their investment by only giving the customer a run-only version of the script. Taking that away would be a very bad thing.

The other thing to consider is that a huge percentage of computer users these days are not smart enough to know that they could try opening a downloaded file with Script Editor to see if it's a malicious script. The only people that are going to do that are smart enough to open run-only scripts with a resource editor and look at the 4-char codes and text values to see what the script is doing.

[ Reply to This | # ]

Comment from my email...
Authored by: l-i-n-k on May 13, '04 04:24:21AM

Saving to uneditable AppleScripts could be combined with a trusting mechanism:

Either
the user accepts the execution of an uneditable script (because he trusts the source of the file)
OR
the AppleScript has to be certified (signed) by someone (e.g. Apple)



[ Reply to This | # ]