
.DS_Insecure

Cackle cackle.



The HI hens and 'software evangelists' in Cupertino have been aware for some time of a security vulnerability in the .DS_Store file: Believe it or not, it contained sensitive system information, meaning any unwitting admin who uploaded pages to the web could be victimised in the following fashion:

GET http://www.stupidsite.com/.DS_Store HTTP/1.0\r\n\r\n

And you'd smell the burning bread instantly.
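As an added defender-side example (not code from the Rixstep page), the Python below does two things a web admin would want: it reads access-log lines and reports every request for a .DS_Store, marking whether the server actually handed it over (status 200) or refused, and it lists the .DS_Store files sitting in a directory tree before that tree is uploaded. The log lines and addresses are constructed samples.

```python
import os
import re
from urllib.parse import unquote

# Combined-log-format request line: client, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def is_ds_store(path: str) -> bool:
    """True if the request path (URL-decoded, query stripped) names a .DS_Store file."""
    name = unquote(path.split('?', 1)[0]).rstrip('/').rsplit('/', 1)[-1]
    return name.lower() == '.ds_store'

def flag_ds_store_requests(lines):
    """Return (ip, path, status, served) for each request that targets a .DS_Store.
    served=True means the server answered 200, i.e. the Finder metadata left the box."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_ds_store(m['path']):
            continue
        status = int(m['status'])
        hits.append((m['ip'], m['path'], status, status == 200))
    return hits

def ds_store_files(root):
    """Walk a directory about to be uploaded and list every .DS_Store it contains."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        found.extend(os.path.join(dirpath, f) for f in files if f == '.DS_Store')
    return sorted(found)

# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [26/May/2003:06:40:03 +0000] "GET /index.html HTTP/1.0" 200 5120 "-" "Mozilla/4.0"',
    '203.0.113.5 - - [26/May/2003:06:40:05 +0000] "GET /.DS_Store HTTP/1.0" 200 6148 "-" "Mozilla/4.0"',
    '198.51.100.9 - - [26/May/2003:06:41:10 +0000] "GET /images/.ds_store HTTP/1.1" 404 209 "-" "curl/7.9"',
    '198.51.100.9 - - [26/May/2003:06:41:12 +0000] "HEAD /docs/%2eDS_Store?x=1 HTTP/1.1" 403 0 "-" "curl/7.9"',
]

if __name__ == '__main__':
    for ip, path, status, served in flag_ds_store_requests(SAMPLE_LOG):
        print(f"{ip} {path} {status} {'LEAKED' if served else 'blocked'}")
```

Run `ds_store_files('.')` on the site directory before uploading; anything it returns should be deleted, and a 200 in the log report means the file was already fetched.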

To Apple's credit, they corrected this unforgivable boner; to their eternal shame, they let it happen in the first place.

Why belabour an old security advisory? Because it has been Apple's policy to not mention these insidious critters to anyone - even when the online threat was serious.

What follows is an exchange that began several months ago. Members of the ADC were asked to comment on Apple's new 'Internet-enabled DMGs'. Rixstep had already gone over to TGZ, but as Apple specifically asked for comments, we felt obliged - and that may be the last time we'll take these people at their word.

From: Rixstep
Date: Sat, 08 Mar 2003 04:26:10 +0000
To: Apple
Subject: Internet-Enabled

Hi,

I don't like the idea of internet-enabled DMGs - not yet. The reason is that it still gives the user a lot to do. The user has to chase the DMG to the Trash. Many of our users don't use the Trash. Still more do not use the Finder. Still others don't like the .DS_Store files hanging around, and as soon as that Finder starts up once, you have a lot of cleaning to do.

We're power users, so our preferences are naturally going to be a bit different.

We got a classic reply from a 'software evangelist' [sic].

From: Apple
Date: Sat, 25 Mar 2003
To: Rixstep
Subject: Re: Internet-Enabled

Why do your users care about .DS_Store files? They're invisible.

John Geleynse
Manager, Software Evangelism [sic]
and User Experience Evangelist [sic]
Apple Worldwide Developer Relations

JG was sent this reply.

From: Rixstep
Date: Tue, 25 Mar 2003 22:00:48 +0000
To: Apple
Subject: Re: Internet-Enabled

.DS_Store files are not invisible - not to power users. They're only used by the Finder, and our power users don't use the Finder - not directly. And it doesn't matter if they're invisible or not - they consume disk space. For that matter, they also have a tendency to 'confuse'. Downloads give people a view of how the vendor looked at files, not a view the user might want. Lastly, they're not always invisible even in the Finder. You can use that global flag to turn them visible.

And that's where it all stayed, until we found out about the vulnerability.

From: Rixstep
Date: Mon, 26 May 2003 06:40:03 +0000
To: Apple
Subject: .DS_Store Security Vulnerabilities

http://www.securityfocus.com/bid/3324/info/

You knew this when you wrote to us, didn't you, John?

What did you write, John?

'Why do your users care about .DS_Store files? They're invisible.'

To which he replied:

From: Apple
Date: Mon, 27 May 2003 19:50:04 +0000
To: Rixstep
Subject: Re: .DS_Store Security Vulnerabilities

My comments about users and .DS_Store files related to the overall user experience of an installation, period. I was not thinking about security related issues at all.

The coda:

From: Rixstep
Date: Tue, 27 May 2003 20:56:18 +0000
To: Apple
Subject: Re: .DS_Store Security Vulnerabilities

But that's a very damning statement, all things considered. 'Ignorance is bliss'? Those little critters get everywhere. As they are invisible, most users will be uploading them to their websites without knowing it. Is that good?

.DS_Store can and should be used in the situation where an individual folder is to be displayed in a manner not identical with the global settings; why then will a system become littered with them, even though no folder display deviates from the global norm?

Copyright © Rixstep. All rights reserved.