On the Safari shell script exploit
reading John Gruber’s account, I had a couple of ideas on what to do about it.
- in Finder, when a file has a custom “Open With” assocation on it, badge the file’s icon with the application icon. in this case, it would have the Terminal icon badged onto it.
- in Safari, add a new warning when a file contains an “Open With” that points to an application that wouldn’t normally handle that type of file. in this case, Terminal does not normally open JFIF files, and this should cause a warning.
discuss.
February 22nd, 2006 at 12:43:00
It would make a lot of sense to do badging. Because the primary interface for both opening files and launching executables (and in the case of a script, both) is through double clicking an icon/name, information about which action you are taking should be given.
In my opinion, a sensible default would be to have all applications sport a pencil-paintbrush-ruler badge until after the initial launch. All files should be badged with whatever opens them, but scripts should have some special indicator.
Terminal or Finder would also do well to default to giving an additional dialog along the lines of “Hey, are you sure you want to run this?”. Maybe that gets in the way, but if you wanted a fast way to running your scripts you’d be on the command line already, where there is a clear distinction between executing something and opening it.
February 24th, 2006 at 06:32:00
Number 1 is similar to the idea I had to get around – although yours would be less obtrusive, since it would only apply to certain executables.
I thought badging all files that are executables would be the way to go, similar to how aliases are badged now.
The ‘flaw’ in your idea, would be that app icons are designed to be bigger than just a badge. A terminal icon at the size of a badge would just look like an ugly black dot.
Ryan’s idea of having a confirmation dialog when running items in the terminal is a good idea. Standard users aren’t going to be using the terminal much, and as long as there is a preference to turn it ‘off’ for people who use the terminal more, it’s all good :)
February 24th, 2006 at 21:16:00
the size of the badge I’m imagining is one-quarter the size of the document icon.
maybe cap it to 16- or 24-pt (either centered within the quadrant, or fixed at the corner), simply because huge badges seem self-contradictory somehow.