> 
> So "rm -rf /" wipes your whole hard drive.  If you have the permissions 
> to do it.  Because the exploit actually opens a terminal, it could 
> theoretically do this, but note that the guy could not get a command 
> with spaces to work.  I have ideas for possible easy ways around this, 
> though.

The article I saw mentioned a couple of straightforward workarounds.

> On Mac OS X, only the "root" user can do this, and the root user isn't 
> even enabled by default.  "Administrator" users have limited root-like 
> powers but you need to enter your password each time you try to do 
> anything potentially damaging.

Anyone can *try* rm -rf / 
The root user would succeed in deleting everything.  A regular user
wouldn't be able to delete the OS itself, but would be able to wipe
out all their own data files.  That's devastating enough :-(
 
> Now this AppleHelp service... I don't think it's a service in the same 
> terms as file sharing, ftp access or remote login.  It certainly isn't 
> listed in my services panel (under Sharing in the system preferences).  
> So if it can be disabled, it might not be a trivial thing to do.
> 
> I'm just going to wait for Apple to release a patch, and get on with my 
> life :)

That seems like the appropriate course of action.
