Slashdot Mirror
Apple Patches Security Flaw in Terminal.app
Currawong writes "Apple has posted Security Update 2002-09-20 for Mac OS X 10.2 and above in Software Update, fixing a security hole in Terminal.app which could 'allow an attacker to remotely execute arbitrary commands on the user's system.' Apple also has a useful page listing all the security updates with a short summary and links to what they patch."
It is done via the Software Update application. This app checks in certain intervals (default weekly) if new updates are available and lets the user choose the updates to install. Most updates are also available for download from Apple's website. Apple provides a security mailing list which will alert you to security updates. Since summer, all updates are signed and the signature is being checked by Software Update before installing.
I found this bug 2002/09/20, and start to make report for Apple.
In fortunate thing, Apple fixed this bug and begin to distribute updater.
Since Apple fixed this serious bug, I decided to open to the public.
This is very serious security bug.
All Jaguar user should update immediately.
I prepared the test easy here.
If link below is clicked, a Terminal will start and "ls -la" command will be executed by your authority.
telnet://|ls -la
Your use of updater vanishes this brittleness.
name:Taiyo FUJII
E-Mail:taiyo@vinet.or.jp
Sorry, I don't have slashdot account.
This update replaces the entire Terminal.app.
It is now 528kb in size, as opposed to the previous 439kb.
I've also noticed that it launches noticably faster after the update. Perhaps Apple added some tweaks in addition to the security changes.
(no, it isn't the updated prebindings. I just did that myself this morning).
Simple solution.
Use the Mac like it's supposed to be used, not like a damned windows box.
When you close a terminal window, use Apple+W, NOT Apple+Q. Mac's are document-based, not application-based. Close the window, not the terminal app.
Now, when you click on the terminal again it will open up a new window in a fraction of the time.
Justin Dubs
I didn't know a thing about this exploit until I heard there was a patch for it. Not to bash or anything, but if it was MS, it would have been all over the news before the fix came out. Guess there's something to be said for being the minority player after all :)
Come to the University of Mars! Classes starting soon!
Like highlighting the text to copy then just middle clicking to paste
If I recall correctly, this feature existed in the Sparc 2 which we had at our highschool which ran solaris. This is not a linux development. It may be a *NIX varient development, but not linux.
Linux is completely customizable, you can change everything about the desktop, kde and gnome are very flexable. If you dont like something you can pull the src apart and change it. (I wrote a couple patches my self because I like to use the mouse scroll to shade and unshade windows on the top bar)
All of this can be done with OS X too. You can even kill Aqua and just use it for apps that require Agua and use another windower in it's place for most of your work.
We have also made our own freetype fonts. So we dont have to steal them from microsoft. But we can also install the microsoft fonts if we want our desktop to look like a windows box.
Apple has their own fonts too, what's your point?
Linux developers are very innovative we have more updates and enhancements than macosx and windows put together
And how many of those updates were because they were nessesary to get a feature that has been availible in other OSes for a long time? Seriously, most of linux updates have just brought it closer to being comparable with the modern OSes, not major improvements.
A good Itunes replacement would be xmms, yes its a clone of winamp, but there is nothing wrong with that, FREE THEMES!
Themes don't replace functionality. You have no idea how useful something like a live search feature is untill you've become used to it iTunes is far superior to WinAMP
I will grant that linux developers are innovative and that Linux is a fun system to toy arround with, but they are no more innovative than paid programmers and sadly do make most of their software from other peoples ideas (because otherwise no one would use Linux because people are too fricken dumb to learn a new OS, but that's an entirely differnt rant)
T Money
World Domination with a plastic spoon since 1984
Because text OSes always launch faster than GUI OSes. Come back when you're using Gnome or KDE
T Money
World Domination with a plastic spoon since 1984
Umm, tab complete is in the OS X terminal. I don't see what the problem is? If you just want to use the text based system log in as
>console
T Money
World Domination with a plastic spoon since 1984
I haven't tried it and unfortunately my iBook is in the shop, but does command Fkey work in OS X for switching to virtual terminals? That would at least give you 8 terminals
T Money
World Domination with a plastic spoon since 1984
I wouldn't know specificaly, but I would be willing to bet you could get most of your costomizations from www.macosxapps.com Granted it's not a built in feature, but you have to consider that sometimes, espesialy when you're developing a system for new users. One of the big problems with Linux is the myriad of options. Sometimes you never know what to do. Linux should really have a simple GUI option, sort of like the mac OS Simple Finder option. That could potentialy bring more desktop users to the OS.
As for your father, I'm not going to assume anything before I know the exact problem because that would be rude. But from what you described, all he would need to know how to do is to start the program, press play stop and skip and quit. Is there somethign else he needed because I know all of those are clearly marked buttons.
T Money
World Domination with a plastic spoon since 1984
Are you certain that Xterm is not availible for OS X or that Fink will not compile it to OS X?
t re views/01/stoton/xtools.shtml
2 01 10081658797
1 09 07082336916
I offer some possibly helpful information here:
http://fink.sourceforge.net/doc/x11/x11.html
http://macreviewzone.com/archive/hardcider/gues
http://www.macosxapps.com/article.php?story=200
http://www.macosxapps.com/article.php?story=200
T Money
World Domination with a plastic spoon since 1984
No. The fkey-virtual-terminals thing is fairly unique to x86 PC clones, as it is a result of the way text mode works on the video cards (e.g. text being passed to the video board instead of a frame buffer arrangement like most other systems). It would certainly be possible to implement similar functionality on other systems, but it wouldn't be nearly so straightforward as on PCs. Linux, in fact, has already done this - the fbcon text consoles do provide exactly this functionality using a frame buffer, so it works on sparc, ppc, etc. Sadly, OS X doesn't. Then again, I wonder how useful it would even be...
I think you mean "XFree86 Developers" and not Linux developers. XFree86 runs on many kernels, not just Linux. The functionality they developed was not specific to Linux, it was specific to XFree86.
I don't mean to nitpick, but once again, you're mixing the names up. The desktop customizability is a function of XFree86 and whatever desktop manager you use, not Linux (which I'll reiterate, is a kernel).
All editorial writers ever do is come down from the hill after the battle is over and shoot the wounded.
So double clicking a window's title bar is too hard? I use WindowshadeX, I have it set so a double click shades the window, just as in OS 9, and the minimize button still minimizes. Are you using the mouse wheel as a button? You can do this with the software that came with the mouse. I have an MS Itellimouse Optical, and use USB Overdrive. If I wanted to I could program the wheel to do this. I have it set so when I click on the mouse wheel it opens a link in a new tab in Mozilla.
Another thing I like to do is to move and resize windows using Alt+mouse button1 and mouse button 2. This is a must have feature for me, it makes navigating the gui alot easier on me.
Once again, that's easier than dragging the window by the title bar? I can move and resize a window with one hand.
You can do a lot of customizing in OS X, you just don't seem familiar with what's available.
-- if it was so, it might be; and if it were so, it would be; but as it isn't, it ain't. That's logic - Lewis Carrol
You can open as many terminals as you like in OS X. Just put their windows where you want.
-- if it was so, it might be; and if it were so, it would be; but as it isn't, it ain't. That's logic - Lewis Carrol
But then again, an iBook with Airport is high on our Christmas wishlist, so perhaps this won't be a problem in the future. Instead of fighting over who gets to use the PowerMac, we'll fight over who gets to roam around the house instead of being chained to the desk. ;-)
Say hello to zMac.