Use GURLfriend
Authored by: sinjin on May 19, '04 11:23:18AM
I followed the advice in the hint as soon as I heard about this exploit, but it wasn't enough to stop it. Test yourself by clicking on this URL:

http://bronosky.com/pub/AppleScript.htm.

If you are vulnerable, your Terminal will launch and run the 'du' command. Unfortunately you need to alter some AppleScript code within the Help application's contents. How to do that by hand has been listed on several boards. The easy way is to run DGTGF. It deletes the offending code from Help, and offers you the option to restore it if needed.


Use GURLfriend
Authored by: Tulse on May 19, '04 11:29:58AM

I used Misfox to change the helper app for the help protocol, and it does indeed prevent the exploit (using the provided URL to test the system after this change confirms this -- Terminal doesn't launch, and no shell command is executed).

I'd feel more comfortable about DGTG if the developers were clearer as to what it actually does.



Maybe you have to logout first
Authored by: hamarkus on May 19, '04 11:42:01AM

I read elsewhere that you have to log out before these changes take effect.



Maybe you have to logout first
Authored by: robg on May 19, '04 12:26:34PM

That's not true -- I just installed More Internet, set the Help URL helper to be TextEdit, then tried the above link. It worked perfectly -- TextEdit launched, but nothing happened. No restart required, and I didn't even quit and relaunch Firefox...

-rob.



Use GURLfriend
Authored by: sinjin on May 19, '04 01:44:44PM
Ahhhh, I see now that the hint has been updated and yes, I set the "help" protocol to hand the call back to Safari... which hands it back to Help! Sheesh.

So are we sufficiently secure from this exploit with the steps outlined in the hint? Or do we need to be nervous about those OpnApp scripts (the script that runs the exploit) sitting there on our hard drives? Forgive me if my questions are stupid, I'm a security newbie!

Anyhow, GURLfriend only seems to alter the OpnApp script in the English localization folder, yet there are copies of this script in other language folders.


Use GURLfriend
Authored by: Tulse on May 19, '04 02:39:58PM

If you set the "help" protocol to use Safari, it likely will cause problems. I have set it to use TextEdit, and it works fine.


