Path: utzoo!utgpu!utstat!jarvis.csri.toronto.edu!rutgers!cbmvax!vu-vlsi!swatsun!jackiw From: jackiw@cs.swarthmore.edu (Nick Jackiw) Newsgroups: comp.sys.mac Subject: Re: PublicFolder Keywords: Claris, Public, Security Message-ID: <3314@carthage.cs.swarthmore.edu> Date: 10 Nov 89 20:16:01 GMT References: <6193@tank.uchicago.edu> Reply-To: jackiw@carthage (Nick Jackiw) Organization: Visual Geometry Project, Swarthmore College, PA Lines: 41 In article <6193@tank.uchicago.edu> xdab@tank.uchicago.edu (David Baird) writes: > Does anyone know if a good hacker can use Public Folder to obtain > other files from your hard disk when they are not in the Public > folder/directory? > David I haven't disassembled PF, so this is entirely in my imagination. Hit 'n' now if you like to whine about this newsgroup's volume... When I'm using *my* Public Folder to communicate with *yours* to download stuff from your hard-disk, my copy must obviously ask your copy for all the information on your disk (in that I can't see your disk directly). *Your* PF knows which files are available on your hard disk for access, not *mine*, and will always answer with the ones and only the ones you've made public. Thus by modifying my version of Public Folder, I strongly doubt that I could access all of your hard disk. Now if I modified *your* Public Folder (say, before giving it to you), that would be completely different. I'd modify it to ignore the folder name you'd specified as "public" and instead use the string ":", which --as mentioned here earlier--gives me complete access to your drive. On the other hand, once you imagine circumstances in which you, or gullible User X, accepts systems software from known nefarious disk monkeys like Sinister Hacker Y, you'll soon see that Public Folder is no more potentially hazardous than any other piece of software in your system folder. Disclaimer: I have no relation to Claris, Public Folder, or its author, other than one of remote and platonic enthusiasm. -- _ _|\____ Nick Jackiw | Visual Geometry Project | Math Department / /_/ O> \ ------------+-------------------------+ Swarthmore College | O> | 215-328-8225| jackiw@cs.swarthmore.edu| Swarthmore PA 19081 \_Guernica_/ ------------+-------------------------+ USA