
The GIF in the article shows it opening a shell and piping in an inline script that is just an exit command. There's nothing stopping you from piping in your own arbitrary bash commands and executing them, including commands to download a more complex malicious executable payload from the internet and execute it.


It looks as though the URL in the inetloc file is `file:///bin/sh`. Running the command `open file:///bin/sh` should cause the same effect; Terminal.app starts a new shell and executes `/bin/sh ; exit;`.

Even if you managed to land an executable in the user's Downloads folder, and guess their username, I think there would be _multiple_ prompts the user would have to ignorantly click through.
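A defensive check for the shortcut described above, as an added example that is not part of the thread or any poster's code: it parses an `.inetloc` file and flags a `file://` target before the file reaches a user. It assumes the shortcut is a property list with a top-level `URL` string; the allowlist and the function name `inspect_inetloc` are hypothetical, and the samples are constructed.

```python
import plistlib
from urllib.parse import urlparse

# Assumed allowlist: schemes a mail or download filter would accept in a
# shortcut. Tune it to what your users actually exchange.
ALLOWED_SCHEMES = {"http", "https", "ftp", "afp", "smb", "vnc", "ssh"}


def inspect_inetloc(data: bytes) -> tuple[str, str]:
    """Return (verdict, detail) for the raw bytes of an .inetloc file.

    Verdicts: "allow", "review" (unexpected scheme), "block" (local file
    target), "malformed" (not a plist, or no usable URL entry).
    """
    try:
        doc = plistlib.loads(data)  # accepts XML and binary plists
    except Exception as exc:
        return "malformed", f"not a parseable plist: {type(exc).__name__}"

    url = doc.get("URL") if isinstance(doc, dict) else None
    if not isinstance(url, str) or not url.strip():
        return "malformed", "no URL string in plist"

    url = url.strip()
    # urlparse lowercases the scheme, so the comparison is case-insensitive.
    scheme = urlparse(url).scheme
    if scheme == "file":
        return "block", f"local file target: {url}"
    if scheme not in ALLOWED_SCHEMES:
        return "review", f"unexpected scheme {scheme!r}: {url}"
    return "allow", url


if __name__ == "__main__":
    # Constructed samples; the first carries the URL quoted in the comment.
    samples = {
        "shell.inetloc": plistlib.dumps({"URL": "file:///bin/sh"}),
        "site.inetloc": plistlib.dumps({"URL": "https://example.com/"}),
        "broken.inetloc": b"not a plist",
    }
    for name, raw in samples.items():
        print(name, *inspect_inetloc(raw))
```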


A useful addition to the kernel could be a flag that disallows a thread from launching child processes.

Then when doing any of this risky stuff like handling gif/png/ASN.1/etc data from outside sources you can handle it in a worker thread that simply isn't allowed to launch external processes and thus sidestep a lot of these exploits.

Please get on that, Apple kernel devs...


Heck. Having an `rm -rf` would probably ruin some people's day on their home directory.



