Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Patches Security Flaw in Terminal.app

Posted by pudge on from the security-is-just-a-state-of-mind-if-you-think-about-it dept.

Currawong writes "Apple has posted Security Update 2002-09-20 for Mac OS X 10.2 and above in Software Update, fixing a security hole in Terminal.app which could 'allow an attacker to remotely execute arbitrary commands on the user's system.' Apple also has a useful page listing all the security updates with a short summary and links to what they patch."

9 of 83 comments (clear)

  1. Re:Apple patch installation? by xTina · · Score: 5, Informative

    It is done via the Software Update application. This app checks in certain intervals (default weekly) if new updates are available and lets the user choose the updates to install. Most updates are also available for download from Apple's website. Apple provides a security mailing list which will alert you to security updates. Since summer, all updates are signed and the signature is being checked by Software Update before installing.

  2. The test of this problem: by Anonymous Coward · · Score: 5, Informative

    I found this bug 2002/09/20, and start to make report for Apple.
    In fortunate thing, Apple fixed this bug and begin to distribute updater.
    Since Apple fixed this serious bug, I decided to open to the public.

    This is very serious security bug.
    All Jaguar user should update immediately.
    I prepared the test easy here.
    If link below is clicked, a Terminal will start and "ls -la" command will be executed by your authority.
    telnet://|ls -la

    Your use of updater vanishes this brittleness.

    name:Taiyo FUJII
    E-Mail:taiyo@vinet.or.jp
    Sorry, I don't have slashdot account.

    1. Re:The test of this problem: by Karma+Sink · · Score: 4, Informative

      Actually, I just clicked the link on multiple unpatched machines running OS X 10.2.1. The machine tried telneting to ls -la, to no effect. However, after giving it a good look, this is only because your link does not include the pipe. This is a pretty dangerous exploit, and could easily be changed to rm -rf * rather than a simple ls.

      It's a damned good thing that Apple is so quick on the draw with security fixes...

      --

      When encryption is outlawed, ?o'AZ-,++o+i++##4AoA+-/-C++bI+/.+~
    2. Re:The test of this problem: by Phroggy · · Score: 3, Informative

      Verified that before the patch, typing telnet://|ls%20-la in Internet Explorer's address bar gives me a directory listing, and after the patch it's fixed by turning the | into %7C which doesn't work. I couldn't get it to work by clicking your link though, or in Mozilla.

      Also verified that it launched in two bounces before the patch and one bounce after, on my 700MHz G4 eMac.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  3. The changes to Terminal.app by Paladeen · · Score: 5, Informative

    This update replaces the entire Terminal.app.

    It is now 528kb in size, as opposed to the previous 439kb.

    I've also noticed that it launches noticably faster after the update. Perhaps Apple added some tweaks in addition to the security changes.

    (no, it isn't the updated prebindings. I just did that myself this morning).

    1. Re:The changes to Terminal.app by norwoodites · · Score: 3, Informative

      not on a weekly basis but automatic when you launch the program and if it needs it, the dynamic library loader (dylib) will automatically do it for you, so the ext time it will launch faster.

      This is from reading the sources of dylib and the release notes of cctools which contains the sources.

    2. Re:The changes to Terminal.app by monolith25 · · Score: 2, Informative

      You can verify that this is happening by looking for 'fix_prebinding' in the process tree after you start up an app that needs prebinding.

      --


      "I'd give my right arm to be in Def Leppard."
      -- Andy Partridge

  4. Re:its sad by jtdubs · · Score: 4, Informative

    Simple solution.

    Use the Mac like it's supposed to be used, not like a damned windows box.

    When you close a terminal window, use Apple+W, NOT Apple+Q. Mac's are document-based, not application-based. Close the window, not the terminal app.

    Now, when you click on the terminal again it will open up a new window in a fraction of the time.

    Justin Dubs

  5. Re:its sad by Cadre · · Score: 3, Informative
    Linux developers have came up with alot of cool stuff. Like highlighting the text to copy then just middle clicking to paste. Of course you can do this on bsd or anything that runs X but its still cool.

    I think you mean "XFree86 Developers" and not Linux developers. XFree86 runs on many kernels, not just Linux. The functionality they developed was not specific to Linux, it was specific to XFree86.

    Linux is completely customizable, you can change everything about the desktop, kde and gnome are very flexable.

    I don't mean to nitpick, but once again, you're mixing the names up. The desktop customizability is a function of XFree86 and whatever desktop manager you use, not Linux (which I'll reiterate, is a kernel).

    --
    All editorial writers ever do is come down from the hill after the battle is over and shoot the wounded.