Focus on Apple
Re: .dmg file exploit Nov 21 2006 09:08PM mfossi securityfocus com (2 replies)
Re: .dmg file exploit Nov 21 2006 09:49PM Roland Dobbins (rdobbins cisco com) (2 replies)
Re: .dmg file exploit Nov 22 2006 03:25PM mfossi securityfocus com (1 replies)
Re: .dmg file exploit Nov 22 2006 04:04PM Roland Dobbins (rdobbins cisco com) (1 replies)
Re: .dmg file exploit Nov 22 2006 06:02PM Martin Roesch (roesch sourcefire com) (3 replies)
Re: .dmg file exploit Nov 22 2006 06:40PM Jeramey Valley (ValleyJR mps k12 mi us) (1 replies)
I was actually just digging into that very source code to see how
easy/hard it would be to do. They open sourced the code for Paranoid
Android last year IIRC. Just on my initial glance it looks fairly
hairy and I don't know which function to intercept in order to get
into the call path. That said, it looks like this codebase could be
a good starting point for doing just that.
Here's a link to the project on Sourceforge for anyone who wants to
dig around in the code.
http://sourceforge.net/projects/paranoidandroid/
The other thing we'd need to know is the DMG file format so we could
validate it on load. It'd also be nice to know exactly what the
problem is... :)
-Marty
On Nov 22, 2006, at 1:37 PM, Roland Dobbins wrote:
>
> On Nov 22, 2006, at 10:02 AM, Martin Roesch wrote:
>
>> If there was a sufficiently enterprising individual or group out
>> there I'm sure that there's got to be a way to intercept Finder
>> when someone double clicks on a file and validate the file before
>> handing it off to the automounter. Unfortunately, my OS X systems
>> programming skills aren't really up to snuff at this point so all
>> I can do is wax profound on how useful that would be...
>
> Remember when the unsanity.com folks did the Paranoid Android haxie
> for Safari, until Apple had time to develop a fix?
>
> http://www.unsanity.com/haxies/pa
>
> Maybe we could ask them if they've the cycles/interest in this
> issue, as well?
>
>
> ----------------------------------------------------------------------
> Roland Dobbins <rdobbins (at) cisco (dot) com> // 408.527.6376 voice
>
> All battles are perpetual.
>
> -- Milton Friedman
>
>
>
--
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org