![]() |
Thursday, February 23, 2006 |
The Safari Shell Script Execution Exploit: What you need to know about the recently publicized exploit where Safari can be tricked into executing an arbitrary shell script. (Via Daring Fireball.) When OS X was originally released, some reviewers warned of the potential conflict and confusion between different forms of file metadata, especially metadata that associates a file to an opening application. The problem is that OS X tried to combine three different metadata systems: the original Mac OS file type and creator; file name extensions as used by Windows and some Web applications; and a new, more general OS X metadata system. Chaos follows when different parts of a complex process such as downloading and opening a file use different metadata elements to make their decisions. I understand the urge to be as compatible as possible with the old Mac OS and Windows metadata legacies, but Apple and its users are going to pay dearly for a long time for that short-term expediency. A slightly less convenient approach in which legacy metadata would be translated to OS X metadata when metadata is first needed by an OS X service of application, so that all system services and applications have a consistent view of file-application associations and the corresponding security risks, would have been the right thing to do for security. But security by design is still the exception. |