The most recent 20 comments posted to Making Light by Chris Burkhardt:

Posted on entry Bleeping huge security hole ::: May 18, 2004, 10:30 PM:

d'oh, I'm slow and don't preview correctly even when I'm forced to. Sorry about that less understandable echo of Jay. :-[

Yoon: I haven't read whether this affects anything but Panther (though I rather suspect it does :-( )

Posted on entry Bleeping huge security hole ::: May 18, 2004, 10:27 PM:

No, I don't think it can run "rm -rf /", because the executable name can't have spaces in it (so you can't pass arguments to shell commands).

But what a malicious person CAN do is remotely mount a disk image which contains a script with no spaces in it's name which calls "rm -rf /", which is in turn executed by this flaw.

More complicated, but the same sad result :)

Comment statistics for Chris Burkhardt on the Making Light blog

Year	Number of comments posted
2004	2

Total: 2 comments. View all these comments on a single page.