Providing Free and Editor Tested Downloads

Major Geeks.com- Feel the Geek.. BE the Geek!
Mac.MajorGeeks.com » Safe Terminal 0.3 » Download Now

Security | Safe Terminal 0.3

Author: Nir Soffer
Date: 02/26/2006 12:55 PM
Size: 56 KB
License: Freeware
Requires: OS X 10.3/10.4
Downloaded: 6360 times

Sponsored Link TIP: MacKeeper app delivers a secure and private internet experience, while helping your Mac run like new.
Download Locations for Safe Terminal
Download Safe Terminal from Author Site Download@Authors Site
Download Safe Terminal Download@MajorGeeks
Download Safe Terminal Download@MajorGeeks



Preview of Safe Terminal Screenshot for Safe Terminal | Bad Link Bad Link  |  Rating: 3 (2 votes)

Safe Terminal fixes a security weakness with Mac OS X Terminal utility, when it execute shell scripts without the user confirmation.

If Safari "Open safe files after download" is enabled, its possible to create malicious shell scripts that will be executed by the Terminal automatically after you download them. It is also possible to create malicious shell scripts that look like a document or a folder, that will be executed by Terminal on double click without warning.

After Safe Terminal is installed, the Terminal utility will show an alert before executing a shell script, allowing the user to confirm or cancel. The usage of the Terminal to type and run commands is not effected in any way.

Installation:
• Log in as an administrator.
• Copy the folder named "Safe Terminal" in the disk image into InputManagers folder inside the Library folder in the volume Mac OS X is installed. If the InputManagers folder does not exists, create it.
• If the Terminal is running, restart it.
• If you are not allowed to administer this computer, or want to install only for your account, you may install into the InputManagers folder inside the Library folder inside your home folder.
• To verify the installation, double click the file named "test.command" in the disk image. A warning dialog will ask you "Are you sure you want to execute test.command?". Click Cancel or press the Escape key to cancel. Without Safe Terminal a new shell window will open, and the script will execute.

The Safari and Mail shell script execution vulnerability is related to an error in handling of file association by system component called LaunchServices. This error is not fixed by Safe Terminal. It may be possible to attack your computer in other ways, not using shell scripts, exploiting this error.

See Paranoid Android for a fix for the file association handling error and other vulnerabilities.

Known Issues:
Application that use the terminal to execute shell scripts will need a confirmation before the script will execute.

Requirements:
OS X 10.3 and 10.4
PPC



« Ext2 Filesystem 1.4d4 · Safe Terminal 0.3 · Delicious Library 3.9.3 »


© 2000-2024 MajorGeeks.com
Powered by Contentteller® Business Edition