|
|
A script to prevent damage from rm -rf malware
I wonder if its possible for Apple to rewrite the
rm command, and any other Applescript commands or even the kernel's way of unlinking files, so that any invocation of such a command will move the files to your Trash can (or to the root Trash can, etc.). And then, emptying the Trash can will always require the User's password, or an Administrator's if its at the root level. Furthermore, the password prompt will always be prefaced with a statement that the User is about to empty the Trash can (making it difficult to spoof anyone into giving up passwords for other reasons).
Granted, this makes emptying the Trash a little more cumbersome, but essentially prevents any third-party app from permanently deleting files.
Am I being too naive? Is this too difficult to implement? Would there be work-arounds?
A script to prevent damage from rm -rf malware
Remember that a malware program does not have to use the /bin/rm binary at all, and could easily achive the same without using external programs in any programming language.
A script to prevent damage from rm -rf malware
I really hope this never happens. If a user has the ability to delete a file, they also need to take responsibility for what is run on their file space. AppleScripts and shell scripts are far too handy to start limiting them because of the potential issues. These issues have existed since AppleScript was created, so I do not see the issue. Sure there was no rm-rf command in OS 9, but you could get around that and did not have to worry about as many pesky permissions getting in the way of really messing up a system.
A script to prevent damage from rm -rf malware
I would think this would be very possible. I used to do it as a standard procedure when I had to manage Unix installations for non-wizards. It is simply a matter of shadowing the kernel unlink call in the C runtime with a subroutine that moves rather than unlinks then re-link all the commands that do unlink operations (e.g., not just rm, but mv, which will unlink a duplicate target.) This saved me from having to search backups many times... |
SearchFrom our Sponsor...Latest Mountain Lion HintsWhat's New:HintsNo new hintsComments last 2 daysNo new commentsLinks last 2 weeksNo recent new linksWhat's New in the Forums?
Hints by TopicNews from Macworld
From Our Sponsors |
|
Copyright © 2014 IDG Consumer & SMB (Privacy Policy) Contact Us All trademarks and copyrights on this page are owned by their respective owners. |
Visit other IDG sites: |
|
|
|
Created this page in 0.29 seconds |
|