Meth
method@yikes.com
On Tue, 20 May 1997, Nathan Dorfman wrote:
> Please don't flame me for posting Mac stuff to a UNIX list I see NT
> crap here all the time, and thought some admins may think twice before
> running At Ease (or before running Macs in the first place).
>
> SYNOPSIS: At Ease apparently doesn't patch the kernel to introduce file
> restrictions, but modifies a library that programs call to display an
> Open File dialog box.
>
> IMPACT: This bug allows a user to read files and directories he shouldn't
> have access to under the At Ease system.
>
> DESCRIPTION: Under At Ease, files and folders that you shouldn't have access
> to are grayed out in Open File dialogs. Using a program like Netscape you
> can bypass the dialog, using a URL such as:
>
> file://TZHS%20HD%202/Documents/Dorfman%20Nathan
>
> Note that the implementation of Netscape used automatically converted
> spaces to %20 combinations as required by HTTP 1.1 (RFC 2068):
>
> file://TZHS HD 2/Documents/Dorfman Nathan/
>
> Will show the contents of that folder. For non-text files, you can simply
> save the file into a folder you DO have access to and use the appropriate
> program to open it.
>
> EXTRA NOTES: Netscape will not let you modify the folders but a simple program
> can be written that takes a filename in a text-box and opens the file from its
> location, without copying. If you can write Mac code, and are willing to,
> please send to nathan@senate.org.
>