May 21, 2004 8:00 AM PDT

Help Viewer/browser security vulnerability (#3): Terminal fix; Opera immune

by CNET staff

Continuing our coverage of a potential vulnerability in OS X relating to browsers' use of the help URL protocol (exploitable through any browser that properly supports URLs that include the "help" protocol): there is a new fix, applied via the Terminal, that does not require disabling or redirecting the Help protocol (as our previous fix entailed). There is also word that the Web browser Opera is immune to the vulnerability.

Terminal-disabled automatic launching

This command changes the internal .plist for Help Viewer so that the preference for automatically launching scripts is now "no". Note that you should also disable Safari's "auto open safe files" preference (in the "General" pane of Safari's preferences).

The Terminal command is (one line, spaces after "sudo" "defaults" "write" "" "Info" "Enabled" and "-bool"):

sudo defaults write '/System/Library/CoreServices/Help Viewer.app/Contents/Info' NSAppleScriptEnabled -bool 'no'

[NOTE: A quirk in our publishing system causes the escape character "\" (which should be between 'Help' and 'Viewer.app') to be omitted from the above Terminal command when appearing on the main MacFixIt page, causing Terminal to return the error "Unexpected argument -bool; leaving defaults unchanged" when entered. We've changed the command to quote the filename path instead of using the escape character, so it should work properly now.]
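An added example, not MacFixIt's own script: it applies the setting with the path quoted, resets the file mode that a reader comment further down reports `defaults` changing to 600, and then reads the key back as an ordinary user. The function names are this example's own, and treating string values such as `no` as "disabled" is an assumption.

```sh
#!/bin/sh
# Added example: apply the Help Viewer setting, restore the plist's file
# mode, and read the key back. Function names are hypothetical.

# defaults(1) takes the plist path WITHOUT ".plist". Always pass it quoted,
# because "Help Viewer.app" contains a space.
HV_DOMAIN='/System/Library/CoreServices/Help Viewer.app/Contents/Info'
KEY=NSAppleScriptEnabled

# First ten characters of `ls -ld`, e.g. "-rw-r--r--" for mode 644.
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Put the plist back to 644 if it is anything else; sudo only when needed.
restore_mode() {
    if [ "$(mode_string "$1")" = "-rw-r--r--" ]; then return 0; fi
    if [ -w "$1" ]; then chmod 644 "$1"; else sudo chmod 644 "$1"; fi
}

# Succeeds when a value printed by `defaults read` means "disabled".
# A boolean false prints as 0; the string forms are accepted as an assumption.
is_disabled() {
    case "$1" in
        0|no|NO|false|FALSE) return 0 ;;
        *) return 1 ;;
    esac
}

# Write the key, fix the mode, then verify without sudo so the check also
# proves an unprivileged process can still read the file.
harden_help_viewer() {
    domain=${1:-$HV_DOMAIN}
    sudo defaults write "$domain" "$KEY" -bool false || return 1
    restore_mode "$domain.plist" || return 1
    value=$(defaults read "$domain" "$KEY") || return 1
    is_disabled "$value" || { echo "still enabled: $value" >&2; return 1; }
    echo "$KEY=$value mode=$(mode_string "$domain.plist")"
}

# Run only when asked to, so sourcing the file has no side effects.
if [ "${1:-}" = "--apply" ]; then
    harden_help_viewer
fi
```

Run it with `--apply` to make the change; without that argument it only defines the functions.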

Opera immune

Several readers have noted that they cannot reproduce the exploit when browsing with Opera, because it does not support the "help:" protocol, as noted on the opera.mac newsgroup:

One reader wrote: "I tried the demo page <http://bronosky.com/pub/AppleScript.htm> with Opera and only got an error message 'The address type is unknown or unsupported.' So far so good?"

Opera developer Rijk van Geijtenbeek subsequently responded: "Yes :) MacOpera doesn't support the Mac 'help:' scheme. It might be possible to enable it (if you dare) from 'Preferences > Programs and paths'. There is a reason why Opera (on any platform) doesn't enable by default passing random strings to the operating system for any registered scheme like 'irc:' or 'rtsp:' or 'edk:' or 'mms:' etc."

    by andyfsb May 21, 2004 8:10 AM PDT
    I have discovered after using this command in Terminal, you have to run
    Repair Disk Permissions in order for help to launch. If not the program fails to
    launch even for the keyboard shortcut command-shift-?.
    by appleman--2008 May 21, 2004 8:10 AM PDT
    <class="merchant"><span>&#62;</span><div class="datestamp"><i>This is a reply to a previous comment by andyfsb</i></div></class><br />
    i get a -bool unknown, unchanged when i input the info from the web page. am i doing some thing wrong?
    this iswhat i ran in terminal :
    <p>sudo defaults write /System/Library/CoreServices/Help Viewer.app/Contents/Info NSAppleScriptEnabled -bool 'no'</p>
    by cps@uvic.ca May 21, 2004 8:10 AM PDT
    <class="merchant"><span>&#62;&#62;</span><div class="datestamp"><i>This is a reply to a previous comment by appleman--2008</i></div></class><br />
    You need to account for the space in the name Help Viewer. Either put the
    entire path and name in quotes, or escape the space.

    Either

    sudo defaults write "/System/Library/CoreServices/Help Viewer.app/Contents/Info" NSAppleScriptEnabled -bool 'no'

    or

    sudo defaults write /System/Library/CoreServices/Help\ Viewer.app/Contents/Info NSAppleScriptEnabled -bool 'no'
    by Mark Douma May 21, 2004 8:43 AM PDT
    Um, yes, that's brilliant people. (MacFixit, that is).

    'Help Viewer.app' has a space in its name, so the full path should be quoted,
    or the space escaped.

    Use the following command in Terminal (should be one continuous line; be
    careful about the extra characters that copying from Safari might tack onto
    the end):

    sudo defaults write '/System/Library/CoreServices/Help Viewer.app/Contents/Info' NSAppleScriptEnabled 0

    Hope this helps....
    by remo May 21, 2004 10:26 AM PDT
    The commands that should be run are:

    sudo defaults write /System/Library/CoreServices/Help\ Viewer.app/Contents/Info NSAppleScriptEnabled -bool 'false'
    sudo chmod 644 /System/Library/CoreServices/Help\ Viewer.app/Contents/Info.plist

    (hopefully nothing gets messed up in the formatting)

    The first command sets the value of the key NSAppleScriptEnabled in the Help
    Viewer.app's Info.plist file to 'false' (which IMHO is more correct than 'no') and
    the second command fixes the permissions on the file (since the 'defaults'
    command changes them to 600)
    by remo May 21, 2004 10:26 AM PDT
    <class="merchant"><span>&#62;</span><div class="datestamp"><i>This is a reply to a previous comment by remo</i></div></class><br />
    Let's try that again with HTML formatting to keep the lines from breaking:
    sudo defaults write /System/Library/CoreServices/Help\ Viewer.app/Contents/Info NSAppleScriptEnabled -bool 'false'
    sudo chmod 644 /System/Library/CoreServices/Help\ Viewer.app/Contents/Info.plist
    by Rosyna--2008 May 21, 2004 6:25 PM PDT
    So a limitation in Opera is now a feature?
    by iGreg May 21, 2004 6:25 PM PDT
    <class="merchant"><span>&#62;</span><div class="datestamp"><i>This is a reply to a previous comment by Rosyna--2008</i></div></class><br />
    WHAT THE HECK IS THAT BRONOWSKY PAGE ABOUT. IT CAUSED TERMINAL TO
    OPEN AND A LONG LIST OF STUFF APPEARED. WAS SOMETHING DAMAGED.

    http://bronosky.com/pub/AppleScript.htm

    A WHOLE BUNCH OF MY APPLICATIONS AND THEIR FILES APPEARS ON THE
    TERMINAL LIST. WHAT GIVES WITH THIS?

    ---
    iMac G4, 17", 1GHz,
    OS 10.3.2, 768 MB RAM
    by guy.hemmings May 24, 2004 3:54 AM PDT
    To remove risk to my Mac, can I not simply delete the Terminal
    app. as it is not normally needed for basic users? Is it necessary to have
    it continuously available? If not, it could be loaded from other media
    when needed...

    Guy