Problems with Security Update 2004-06-07

The TidBITS article describing Security Update 2004-06-07 says:

It also removes the registration of the disk URL scheme so disk images accessed via disk URLs no longer mount automatically.

Which matches the information found at <http://docs.info.apple.com/article.html?artnum=61798>

which states:

Discussion: The registration of the disk:// URI type is removed from the system as a preventative measure against attempts to automatically mount remote disk image file systems.

But these statements do not match my experience.

After installing Security Update 2004-06-07 I did the following:

Opened RCDefaultApp (version 1.1.1) Clicked the URL Button Scrolled throught the list of protocols checking the status of each Reset the afp protocol to Finder Reset the disk protocol to Disk Copy went to <http://test.doit.wisc.edu/> to test the afp and disk exploits

When I click the disk link just below the automated example heading

I see a DiskCopy start up and mount a disk image. DiskCopy responds with a dialog telling me "test.dmb" was successfully mounted. This is almost immediatedly followed by an alert with boldface type that reads

The Internet location you are openning will open the application "test" for the first time. Are you sure you want to open this application?

From this I conclude the disk:// URI has not been removed. It is still possible for disk images to mount automatically. But the vulnerability no longer exists.

I do note the disks:// URI that was present when I first installed RCDefaultApp no longer seems to exist.

On 6/10/04 6:15 PM, "bitreader" <bitreaderearthlink.net> wrote:

> From this I conclude the disk:// URI has not been removed. It is still
> possible for disk images to mount automatically. But the vulnerability no
> longer exists.
>
> I do note the disks:// URI that was present when I first installed
> RCDefaultApp no longer seems to exist.

If you have Disk Copy installed, that messes things up, since that is not a
part of Panther, but part of jaguar.

john

--
John C. Welch Writer/Analyst
Bynkii.com Mac and other opinions
jwelchbynkii.com

On 11/6/2004 11:15 AM, "bitreader" <bitreaderearthlink.net> spake thus:

> From this I conclude the disk:// URI has not been removed. It is still
> possible for disk images to mount automatically. But the vulnerability no
> longer exists.
>
> I do note the disks:// URI that was present when I first installed
> RCDefaultApp no longer seems to exist.

I can confirm (using RCDefaultApp) that on my system, both the disks:// or
disk:// URI schemes have vanished. Obviously something unusual has happened
in your case.

--
=Nigel Stanger, Dunedin, NEW ZEALAND.
mailto:nstangerinfoscience.otago.ac.nz

Hi,
I'm having the same problems that Bill is: on my G4/400 OS10.2.8, when
I double-click a file to open an app I get the "this is the first
time..." message. It looks like this is happening with non-Apple apps.
Also the icons for files created in these apps have reverted to
low-quality images of previous versions of the app... until I go through
process of opening the app for the first time at which point they revert
to the higher-quality icon for the current version of the app. The apps
will open from the Dock the first time without going through the "first
time.." song and dance, and it seems to solve the problem for that app.
Weird, but I'm glad to know why this is happening!
Albo

>

On 06/10/04, bitreader wrote:

The TidBITS article describing Security Update 2004-06-07 says... But these statements do not match my experience.

Then you need to update the LaunchServices database. See the article at <http://www.theregister.com/2004/06/09/apple_security/> and the update procedure at <http://www.macosxhints.com/article.php?story=20031215144430486>.

On 6/12/04 at 4:33 AM, albocritpath.org (albo) wrote:

>Hi, I'm having the same problems that Bill is: on my G4/400
>OS10.2.8, when I double-click a file to open an app I get the
>"this is the first time..." message.

Although this isn't the issue I was describing, I do see this occurring. But if I understand the patch correctly this is to be expected.

My understanding is the "this is the first time ... " message appears whenever an application is launched via Launch Services rather than directly by double clicking on it. When you launch an application by double clicking on a file, you are using Launch Services to launch the application.

But this should only happen if the first time you use an application after installing the security update it is launched via Launch Services. Once you allow the application to open, you should no longer get the message and the application should launch as it did before installing the security update.

On 6/12/04 at 4:33 AM, jwelchbynkii.com (John C. Welch) wrote:

>If you have Disk Copy installed, that messes things up, since that
>is not a part of Panther, but part of jaguar.

I do have Disk Copy installed and I am running Panther. So, this may well be the reason I did not see the disk:// URL removed. But this makes me wonder what those running Jaguar would see. The description of the security update doesn't indicate the disk:// URL would be removed for Panther and not Jaguar which is what should be expected if you are correct.