Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'A script to prevent damage from rm -rf malware' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
A script to prevent damage from rm -rf malware
Authored by: rhowell on May 18, '04 12:04:12PM
I wonder if its possible for Apple to rewrite the rm command, and any other Applescript commands or even the kernel's way of unlinking files, so that any invocation of such a command will move the files to your Trash can (or to the root Trash can, etc.). And then, emptying the Trash can will always require the User's password, or an Administrator's if its at the root level. Furthermore, the password prompt will always be prefaced with a statement that the User is about to empty the Trash can (making it difficult to spoof anyone into giving up passwords for other reasons). Granted, this makes emptying the Trash a little more cumbersome, but essentially prevents any third-party app from permanently deleting files.

Am I being too naive? Is this too difficult to implement? Would there be work-arounds?

[ Reply to This | # ]
A script to prevent damage from rm -rf malware
Authored by: sapporo on May 18, '04 12:57:18PM

Remember that a malware program does not have to use the /bin/rm binary at all, and could easily achive the same without using external programs in any programming language.
And even if you make it impossible to unlink files, a malware program could just overwrite you files with gibberish.



[ Reply to This | # ]
A script to prevent damage from rm -rf malware
Authored by: robmorton on May 18, '04 03:31:47PM

I really hope this never happens. If a user has the ability to delete a file, they also need to take responsibility for what is run on their file space. AppleScripts and shell scripts are far too handy to start limiting them because of the potential issues. These issues have existed since AppleScript was created, so I do not see the issue. Sure there was no rm-rf command in OS 9, but you could get around that and did not have to worry about as many pesky permissions getting in the way of really messing up a system.



[ Reply to This | # ]
A script to prevent damage from rm -rf malware
Authored by: ptwithy on May 18, '04 04:07:52PM

I would think this would be very possible. I used to do it as a standard procedure when I had to manage Unix installations for non-wizards. It is simply a matter of shadowing the kernel unlink call in the C runtime with a subroutine that moves rather than unlinks then re-link all the commands that do unlink operations (e.g., not just rm, but mv, which will unlink a duplicate target.) This saved me from having to search backups many times...



[ Reply to This | # ]