Avoid a security vulnerability in Safari
Authored by: n8gray on Feb 23, '06 04:08:40PM

Perhaps somebody should write a folder action that strips the 'usro' resource from files (and maybe the creator code for good measure). Then you could attach it to your downloads folder, set it to activate for any newly-added file, and this sort of attack would be neutralized.

Does anybody know a scriptable way to hack resources? There's Rez and DeRez...



Avoid a security vulnerability in Safari
Authored by: mark hunte on Feb 23, '06 05:19:45PM

I think someone already did a script here.

http://forums.macosxhints.com/showthread.php?t=51854

---
mh



Avoid a security vulnerability in Safari
Authored by: n8gray on Feb 24, '06 11:07:20AM

The only script I see there is one that deletes the entire resource fork from every file. This will break any file that relies on having a valid resource fork! We need something that only deletes (or replaces) the usro resource. AFAICT, for somebody who understands the APIs involved this shouldn't be a terribly hard thing to do.

Unlike the other solutions out there (rename or move Terminal.app, delete the whole resource fork, etc.) this would have extremely few, if any, unintended consequences.



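An added example, not part of the thread and not any poster's script: a Python sketch of the detection half of what the comments ask for, walking the classic resource map to report whether a fork carries a 'usro' resource without touching anything else. It does not delete the resource; the function names and the sample fork are assumptions constructed for the demonstration.

```python
import struct

USRO = b"usro"  # resource type the comments above want stripped

def resource_types(fork: bytes) -> dict:
    """Map each resource type code in a raw resource fork to its resource IDs."""
    if len(fork) < 16:
        return {}  # no resource fork at all
    try:
        _data_off, map_off, _data_len, map_len = struct.unpack_from(">4I", fork, 0)
        rmap = fork[map_off:map_off + map_len]
        # Map layout: 16-byte header copy, 4-byte handle, 2-byte file ref,
        # 2-byte attributes, then 2-byte offsets to the type and name lists.
        (tlist,) = struct.unpack_from(">H", rmap, 24)
        (count,) = struct.unpack_from(">H", rmap, tlist)
        found = {}
        for i in range((count + 1) & 0xFFFF):  # counts are stored minus one
            code, n_res, ref_off = struct.unpack_from(">4sHH", rmap, tlist + 2 + 8 * i)
            refs = tlist + ref_off  # reference lists are relative to the type list
            found[code] = [struct.unpack_from(">h", rmap, refs + 12 * j)[0]
                           for j in range((n_res + 1) & 0xFFFF)]
        return found
    except struct.error as exc:
        raise ValueError("truncated or malformed resource fork") from exc

def has_usro(fork: bytes) -> bool:
    """True when the fork contains at least one 'usro' resource."""
    return USRO in resource_types(fork)

def build_sample_fork() -> bytes:
    """Constructed two-resource fork ('icns' ID 128, 'usro' ID 0) for the demo."""
    payloads = [(b"icns", 128, b"\x00" * 8), (b"usro", 0, b"constructed sample")]
    data = b"".join(struct.pack(">I", len(p)) + p for _, _, p in payloads)
    tlist, n = 28, len(payloads)
    types, refs, data_off = b"", b"", 0
    for i, (code, res_id, p) in enumerate(payloads):
        types += struct.pack(">4sHH", code, 0, 2 + 8 * n + 12 * i)
        refs += struct.pack(">hHII", res_id, 0xFFFF, data_off, 0)
        data_off += 4 + len(p)
    body = struct.pack(">H", n - 1) + types + refs
    rmap = bytes(24) + struct.pack(">HH", tlist, tlist + len(body)) + body
    header = struct.pack(">4I", 256, 256 + len(data), len(data), len(rmap))
    return header + bytes(240) + data + rmap
```

On Mac OS X the raw fork of a file can be read from `<path>/..namedfork/rsrc` and passed to `has_usro` as bytes.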