-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Oh, I know. The main way that many people open DMGs is by a double-
click from the Finder, assuming they've turned off automounting in
Safari. This is another band-aid solution but it could provide
coverage for a lot of people (probably most of them).

Since Disk Utility can also cause the vulnerability to go off as
well, hopefully there would be a convenient place to intercept the
common mounting function that calls into the vulnerable filesystem
driver. Once again, I don't know OS X's guts well enough to comment
beyond that at this time.

-Marty

On Nov 22, 2006, at 1:40 PM, Jeramey Valley wrote:

> At 1:02 PM -0500 11/22/06, Martin Roesch wrote:
>> If there was a sufficiently enterprising individual or group out
>> there I'm sure that there's got to be a way to intercept Finder
>> when someone double clicks on a file and validate the file before
>> handing it off to the automounter.
>
> Same error happens when directly mounting the DMG with Disk
> Utility. Mucking with the Finder would not appear to be a solution
> either.
> --
>
> Regards,
>
> Jeramey Valley
> ValleyJR (at) mps.k12.mi (dot) us [email concealed]
> Network Services Manager
> Midland Public Schools
>

- --
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFFZLG1qj0FAQQ3KOARAjKiAJwJYb20VcaST/2O+F+VHzmk46KYTwCeNkOs
+gbm3uK0jwu4a7iJDy9EOQA=
=2LTO
-----END PGP SIGNATURE-----

[ reply ]