Slashdot Mirror
Apple Patches Security Flaw in Terminal.app
Currawong writes "Apple has posted Security Update 2002-09-20 for Mac OS X 10.2 and above in Software Update, fixing a security hole in Terminal.app which could 'allow an attacker to remotely execute arbitrary commands on the user's system.' Apple also has a useful page listing all the security updates with a short summary and links to what they patch."
Not knowing much about 10.2, how do they handle severe security patches like this? Are users automagically adviced to install or is there an "OS update" type page they need to visit frequently?
Just curious.
Jouni
Jouni Mannonen | Game Designer, Consultant
I found this bug 2002/09/20, and start to make report for Apple.
In fortunate thing, Apple fixed this bug and begin to distribute updater.
Since Apple fixed this serious bug, I decided to open to the public.
This is very serious security bug.
All Jaguar user should update immediately.
I prepared the test easy here.
If link below is clicked, a Terminal will start and "ls -la" command will be executed by your authority.
telnet://|ls -la
Your use of updater vanishes this brittleness.
name:Taiyo FUJII
E-Mail:taiyo@vinet.or.jp
Sorry, I don't have slashdot account.
This update replaces the entire Terminal.app.
It is now 528kb in size, as opposed to the previous 439kb.
I've also noticed that it launches noticably faster after the update. Perhaps Apple added some tweaks in addition to the security changes.
(no, it isn't the updated prebindings. I just did that myself this morning).
Simple solution.
Use the Mac like it's supposed to be used, not like a damned windows box.
When you close a terminal window, use Apple+W, NOT Apple+Q. Mac's are document-based, not application-based. Close the window, not the terminal app.
Now, when you click on the terminal again it will open up a new window in a fraction of the time.
Justin Dubs
I didn't know a thing about this exploit until I heard there was a patch for it. Not to bash or anything, but if it was MS, it would have been all over the news before the fix came out. Guess there's something to be said for being the minority player after all :)
Come to the University of Mars! Classes starting soon!
what do you mean? Linux developers have came up with alot of cool stuff. Like highlighting the text to copy then just middle clicking to paste. Of course you can do this on bsd or anything that runs X but its still cool. And we have based the desktops around it. No more need to right click to bring up a menu to copy/paste. also in X you can have a active window behind another window. this comes in handy when you are trying to look at both windows at the same time and so one doesnt cover the other. (you do this by right clicking on the window behind the main window to focus on it).
As for the way the desktop looks, thats a personal preference. Do you really think kde/gnome and linux distros really ship with aqua themes?
I like the macosx look and If I can have that look emulated on my free linux box, then thats a bonus.
Linux is completely customizable, you can change everything about the desktop, kde and gnome are very flexable. If you dont like something you can pull the src apart and change it. (I wrote a couple patches my self because I like to use the mouse scroll to shade and unshade windows on the top bar)
We have also made our own freetype fonts. So we dont have to steal them from microsoft. But we can also install the microsoft fonts if we want our desktop to look like a windows box.
Linux developers are very innovative we have more updates and enhancements than macosx and windows put together.
Yes somethings need improvement, but thats what you get when the developers are not being paid.
I would like to see more fluid movement when moving windows across the desktop. Gnome 2.0.2 has really improved it, but its still nowhere as smooth as macosx.
(this probably has something to do with Xfree86)
Linux does have apps like itunes and dreamweaver and even microsoft word. One stop at freshmeat and you will find everything you need.
A good Itunes replacement would be xmms, yes its a clone of winamp, but there is nothing wrong with that, FREE THEMES!
A good replacemnt for dreamweaver would be hotdog, yes the name sounds kinda crude but its very useable and very fast. Reminds me alot of dreamweaver.
And a good replacement for MSword is Abiword or kword, or openoffice. Any One of these will fill your needs. Abiword can read new and old docs perfectly.
Sorry to go on forever but I dont like when people say that linux developers are not innovative.
keanmarine.com
then why does linux launch it so fast?
keanmarine.com
I use the terminal more than I use a gui based filemanager. I can do ALOT in a terminal. tab complete is one of the most usefull tools. In my eyes its alot faster than a gui. But Im sure people that have never used a terminal to its fullest would say the gui FM is better.
I also Have like 20 Terminals open at once. Makes life easier. Have you seen how much memory the terminal.app uses?
here is my handy dandy xterm:
ps aux:
0.0 0.4 xterm
cpu mem
keanmarine.com
Yes somethings need improvement
Obviously "Spell Checker" and "Grammar" come to mind ;)
I like big butts and I cannot lie.
Like highlighting the text to copy then just middle clicking to paste
If I recall correctly, this feature existed in the Sparc 2 which we had at our highschool which ran solaris. This is not a linux development. It may be a *NIX varient development, but not linux.
Linux is completely customizable, you can change everything about the desktop, kde and gnome are very flexable. If you dont like something you can pull the src apart and change it. (I wrote a couple patches my self because I like to use the mouse scroll to shade and unshade windows on the top bar)
All of this can be done with OS X too. You can even kill Aqua and just use it for apps that require Agua and use another windower in it's place for most of your work.
We have also made our own freetype fonts. So we dont have to steal them from microsoft. But we can also install the microsoft fonts if we want our desktop to look like a windows box.
Apple has their own fonts too, what's your point?
Linux developers are very innovative we have more updates and enhancements than macosx and windows put together
And how many of those updates were because they were nessesary to get a feature that has been availible in other OSes for a long time? Seriously, most of linux updates have just brought it closer to being comparable with the modern OSes, not major improvements.
A good Itunes replacement would be xmms, yes its a clone of winamp, but there is nothing wrong with that, FREE THEMES!
Themes don't replace functionality. You have no idea how useful something like a live search feature is untill you've become used to it iTunes is far superior to WinAMP
I will grant that linux developers are innovative and that Linux is a fun system to toy arround with, but they are no more innovative than paid programmers and sadly do make most of their software from other peoples ideas (because otherwise no one would use Linux because people are too fricken dumb to learn a new OS, but that's an entirely differnt rant)
T Money
World Domination with a plastic spoon since 1984
Because text OSes always launch faster than GUI OSes. Come back when you're using Gnome or KDE
T Money
World Domination with a plastic spoon since 1984
Umm, tab complete is in the OS X terminal. I don't see what the problem is? If you just want to use the text based system log in as
>console
T Money
World Domination with a plastic spoon since 1984
okay, yes I just stated i like using the terminal because of tab complete. (had nothing to do with macosx) And I also said I like to open ALOT of terminals So how would the >console help me?
keanmarine.com
umm I am in gnome 2.0.2, I click on the XTERM button on my tool bar, and it pops up an "X"term. And Linux is a gui OS when in X.
keanmarine.com
I haven't tried it and unfortunately my iBook is in the shop, but does command Fkey work in OS X for switching to virtual terminals? That would at least give you 8 terminals
T Money
World Domination with a plastic spoon since 1984
I cant use macosx because I am so used to the way my windowmanager controls windows. In macosx I really cant customize anything. For example, I like to be able to shade and unshade windows using my mouse wheel on the top bar of the window. This makes it so I dont have to minimize the window.
Apple got rid of shading the window in macosx but you can get a plugin that will allow you to get the feature back. But the plugin still wont allow you to shade and unshade using the mouse wheel.
Another thing I like to do is to move and resize windows using Alt+mouse button1 and mouse button 2. This is a must have feature for me, it makes navigating the gui alot easier on me.
So you can see that macosx cant be customized the same way linux can. If you dont like those above options in linux you can always turn them off.
As for itunes/xmms I really dont care, I just like being able ot play music. I do have one thing to say about itunes, its confusing to some people. My dad got his first computer last month, he got the new imac with the 15" lcd. He is 78 years old. He asked me if I the computer was able to play the music cds that he had (he has a couple of cds that my sister made him) I told him I can copy the cd to the harddrive so he doesnt have to put the cd in everytime (I didnt expect him to do it him self) so Once I had the music converted to mp3 I made him a play list in itunes and i showed him how to use it. It was way to much for him, he kept hitting the wrong things and nothing is marked so he had a hard time finding the correct buttons. (he didnt understand if you hold the mouse over a button that it would show the name in a pop up) TO make a long story short, he had alot of problems with itunes, it took him a while to learn, while programs like xmms are a no brainer. I really wish there was a program like winamp for macosx.
Sorry about grammar and spelling, I normally dont spell check or care about things I post on slashdot.....sorry if it bugs you.
keanmarine.com
I like to be able to see all the terminals at once also.
keanmarine.com
I wouldn't know specificaly, but I would be willing to bet you could get most of your costomizations from www.macosxapps.com Granted it's not a built in feature, but you have to consider that sometimes, espesialy when you're developing a system for new users. One of the big problems with Linux is the myriad of options. Sometimes you never know what to do. Linux should really have a simple GUI option, sort of like the mac OS Simple Finder option. That could potentialy bring more desktop users to the OS.
As for your father, I'm not going to assume anything before I know the exact problem because that would be rude. But from what you described, all he would need to know how to do is to start the program, press play stop and skip and quit. Is there somethign else he needed because I know all of those are clearly marked buttons.
T Money
World Domination with a plastic spoon since 1984
Are you certain that Xterm is not availible for OS X or that Fink will not compile it to OS X?
t re views/01/stoton/xtools.shtml
2 01 10081658797
1 09 07082336916
I offer some possibly helpful information here:
http://fink.sourceforge.net/doc/x11/x11.html
http://macreviewzone.com/archive/hardcider/gues
http://www.macosxapps.com/article.php?story=200
http://www.macosxapps.com/article.php?story=200
T Money
World Domination with a plastic spoon since 1984
I know how to launch Xdarwin in rootless mode and I know all about fink. Still the terminal.app shouldnt be that slow.
keanmarine.com
Yes to many options is a problem, but having a registry full of options is not. have you ever tried gnome 2? it has gconf-editor which has options for pretty much everything you could think of. Its not for normal users but for users that know enough to tweak things.
By default gnome/kde/windowmaker/fluxbox or whatever are very useable and have minor gui changes in their config menus which make it easier for the User.
As for my father, he would click on the wrong button by mistake, like when he wanted to double click on a song he would end up dragging it by mistake or something silly like that. Bad thing is I cant see him doing this because he always does it when I am not around.
but hopefully he will get the hang of it.
keanmarine.com
No. The fkey-virtual-terminals thing is fairly unique to x86 PC clones, as it is a result of the way text mode works on the video cards (e.g. text being passed to the video board instead of a frame buffer arrangement like most other systems). It would certainly be possible to implement similar functionality on other systems, but it wouldn't be nearly so straightforward as on PCs. Linux, in fact, has already done this - the fbcon text consoles do provide exactly this functionality using a frame buffer, so it works on sparc, ppc, etc. Sadly, OS X doesn't. Then again, I wonder how useful it would even be...
I think you mean "XFree86 Developers" and not Linux developers. XFree86 runs on many kernels, not just Linux. The functionality they developed was not specific to Linux, it was specific to XFree86.
I don't mean to nitpick, but once again, you're mixing the names up. The desktop customizability is a function of XFree86 and whatever desktop manager you use, not Linux (which I'll reiterate, is a kernel).
All editorial writers ever do is come down from the hill after the battle is over and shoot the wounded.
Its these ignorant people that love to keep their minds closed and keep runing sites like ihateapple.com
So double clicking a window's title bar is too hard? I use WindowshadeX, I have it set so a double click shades the window, just as in OS 9, and the minimize button still minimizes. Are you using the mouse wheel as a button? You can do this with the software that came with the mouse. I have an MS Itellimouse Optical, and use USB Overdrive. If I wanted to I could program the wheel to do this. I have it set so when I click on the mouse wheel it opens a link in a new tab in Mozilla.
Another thing I like to do is to move and resize windows using Alt+mouse button1 and mouse button 2. This is a must have feature for me, it makes navigating the gui alot easier on me.
Once again, that's easier than dragging the window by the title bar? I can move and resize a window with one hand.
You can do a lot of customizing in OS X, you just don't seem familiar with what's available.
-- if it was so, it might be; and if it were so, it would be; but as it isn't, it ain't. That's logic - Lewis Carrol
You can open as many terminals as you like in OS X. Just put their windows where you want.
-- if it was so, it might be; and if it were so, it would be; but as it isn't, it ain't. That's logic - Lewis Carrol
Yes, if you open a new shell often enough to bitch about a .5 second difference, you should leave it open all the time.
If Terminal is closed or has no open windows, clicking on it starts a new terminal.
If Terminal has windows open, clicking on it brings those windows forward.
If Terminal has windows open but they are minimized, clicking on it has no apparent effect other than changing your menubar.
"Document-based," Ha. That's a good one.
I have a positive modifier on Troll. When I mod someone Troll their karma should go UP!
But then again, an iBook with Airport is high on our Christmas wishlist, so perhaps this won't be a problem in the future. Instead of fighting over who gets to use the PowerMac, we'll fight over who gets to roam around the house instead of being chained to the desk. ;-)
Say hello to zMac.