Menu

Safe Terminal 0.3



Published By: Nir Soffer
License Type: Freeware
Date Added: 01 December, 2013
Homepage
Report Error Link


Category: Security & Privacy
Description of Safe Terminal program at Mac Shareware:


Advertisement




Advertisement


Safe Terminal fixes a security weakness with Mac OS X Terminal utility, when it execute shell scripts without the user confirmation.

Safe Terminal fixes a security weakness with Mac OS X Terminal utility, when it execute shell scripts without the user confirmation.

If Safari "Open safe files after download" is enabled, its possible to create malicious shell scripts that will be executed by the Terminal automatically after you download them. It is also possible to create malicious shell scripts that look like a document or a folder, that will be executed by Terminal on double click without warning.

After Safe Terminal is installed, the Terminal utility will show an alert before executing a shell script, allowing the user to confirm or cancel. The usage of the Terminal to type and run commands is not effected in any way.

Installation:
Log in as an administrator.
Copy the folder named "Safe Terminal" in the disk image into InputManagers folder inside the Library folder in the volume Mac OS X is installed. If the InputManagers folder does not exists, create it.
If the Terminal is running, restart it.
If you are not allowed to administer this computer, or want to install only for your account, you may install into the InputManagers folder inside the Library folder inside your home folder.
To verify the installation, double click the file named "test.command" in the disk image. A warning dialog will ask you "Are you sure you want to execute test.command?". Click Cancel or press the Escape key to cancel. Without Safe Terminal a new shell window will open, and the script will execute.

The Safari and Mail shell script execution vulnerability is related to an error in handling of file association by system component called LaunchServices. This error is not fixed by Safe Terminal. It may be possible to attack your computer in other ways, not using shell scripts, exploiting this error.

See Paranoid Android for a fix for the file association handling error and other vulnerabilities.

Known Issues:
Application that use the terminal to execute shell scripts will need a confirmation before the script will execute.

Requirements:
OS X 10.3 and 10.4
PPC





Safe Terminal is a completely free software. You can free download and use it as long as you like.
License: Freeware
Downloads: 14
Size: 56.0 KB

Platform: Mac