2lmc spool


always forthright


Tevanian should resign


blech:

Tevanian should resign


posted on 2004/05/26 17:09

 

Rabble-rousing from Chris Nandor in his Slashdot journal.


 

See also codepoetry on Getting The Security Holes Straight.


jerakeen:

A thought. Why can't the mounting point be under a salted folder name? /Volumes/<random>/<name>, instead of /Volumes/<name>?


 

Some explanation - every exploit I've seen relies on knowing where a file is after you've made the user mount the dmg. If you hide this information, half the exploits go away.


 

This doesn't solve the registering of new URL handlers issue, of course.


-trackback-

codepoetry / Starting to Not Care


blech:

I half-heartedly argued the point with jerakeen offline, but decided not to bicker on the spool.


 

Here, have an over-designed box instead.


 


 

[ 0 days, 4 hours later ]


jerakeen:

Meh, he's right. The 'where the drives get mounted' is a complete side issue compared to the fact that they get mounted at all.



DISCLAIMER

We hate you all. Yes, especially you. Sod off and DIE