[23054] in bugtraq
Re: MacOS 9.x, Internet Explorer, Local Vulnerability
daemon@ATHENA.MIT.EDU (CDE Francis)
Fri Nov 2 00:30:14 2001
Date: Thu, 01 Nov 2001 15:41:29 -0500
From: CDE Francis <fuy@jhu.edu>
In-reply-to: <200110311748.f9VHm5N06904@haackey.com>
To: Neeko Oni <neeko@haackey.com>
Cc: bugtraq@securityfocus.com
Message-id: <a05100301b8075fe62381@[128.220.149.100]>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii; format=flowed
At 9:48 AM -0800 2001/10/31, Neeko Oni wrote:
> While in the college media lab I attempted to run MacSSH to get
> onto my home desktop, I received an error message telling me I
> did not have access to run said program. By launching Internet
> Explorer 5 Macintosh Edition, and creating a 'ssh' helper application
I'm pretty sure this is due to Internet Config, the control panel that
manages file helpers (among other things). Any application that calls
Internet Config to handle URLs should exhibit the exact same behavior.
Remember that the MacOS 9.x "Multiple User" extension is NOT intended
to be secure. Anyone with physical access to the Mac can use any file
or application with a few minutes of work (at most). This is BY DESIGN.
-F.
