[Date Prev][Date Next][Thread Prev][Thread Next] [Search] [Date Index] [Thread Index]

Re: [MacPerl] unmounting from macperl



At 19:06 12/6/96, ??? wrote:
>On Fri, 6 Dec 1996, Clinton MacDonald wrote:
>> AppleScript is a marvelous and robust scripting language for driving
>> applications (including the Finder) on your own desktop. Matthias is
>> working to incorporate AppleScript into MacPerl for that reason.
>
>To introduce security holes onto people Macintoshii ;-)

I don't see how anyone could crack any of my MacPerl or AppleScript scripts
on my Mac through the web to do anything evil.  I am much more worried
about the risks posed by my Solaris programs, for one simple reason:
command line interface.  Now, true, the MacPerl interpreter accepts text
commands, but only from within a script or app ... you can't write [rm *.*]
or [MacPerl -e 'unlink "Macintosh HD:System Folder"'] and have it do
anything meaningful.  You need to get inside the app.  AppleScript is even
more difficult to crack, because you have to compile your script first.
Now, it is possible to write a script that erases your hard drive and make
it publically accessible, but that would not be a security hole caused by
AppleScript or MacPerl any more than it would be the fault of your car
alarm if you left the car unlocked with keys in the ignition ...

>>    *JavaScript*...now that might be a security risk, but I think the people
>> at Sun (and Netscape) are trying to eliminate those features as rapidly as
>> possible.
>
>Colour me doubtful on that count.  If anything they've work towards the
>exact opposite.

This is a side issue, but I know of no existing JavaScript security hole of
any significance.

Fighting paranoia where it exists ...

#================================================================
perl -e 'srand();if(rand>.5){$i=0;foreach(@ARGV){@$i=split(//);$z
[$i]=0;foreach(@$i){$s[$i][$z[$i]]=$_;$z[$i]++;}$i++;}foreach(@s)
{foreach(@$_) {print}print" ";$_++}}else{print(join(" ", @ARGV))}
print"\n"' McClellan Clan Motto: Think On

Chris Nandor                                      pudge@pobox.com
PGP Key 0xB76E72AD                              http://pudge.net/