Beware Palm 4.2.1c Installer?


Earlier this afternoon, Damien at Mr. pointed me to this article at Macintouch that makes the Palm 4.2.1c Installer look, shall we say, a little less than trustworthy. From the article:

"I have just examined the contents of the Palm Desktop 4.2.1 Revision C package installer, and I have come to the conclusion that either PalmOne is intentionally trying to damage our computers, or the software is a trojan horse that someone uploaded in place of the real software. After the program files are installed, the installer runs a shell script called "postflight" that attempts to "fix" any permissions issues which may prevent the program from running properly. Unfortunately, the script violates the most basic programming principle in the universe - thou shalt not alter the files of programs other than thyself - and it does it so blatantly that I can only assume malicious intent." More after the jump.

[Via Mr. Barrett]

"At the end of the script, it runs a final set of commands to change permissions (The "$2" variable is replaced at runtime by "/"):

  • sudo chmod 775 "$2"
  • sudo chown :admin "$2"
  • sudo chmod 775 "$2Applications"
  • sudo chown :admin "$2Applications"
  • sudo chmod -R 775 "$2Applications/Palm"
  • sudo chown -R :admin "$2Applications/Palm"
  • sudo chmod 775 "$2Library"
  • sudo chown :admin "$2Library"
  • sudo chmod -R 775 "$2Library/CFMSupport"
  • sudo chown -R :admin "$2Library/CFMSupport"
  • sudo chmod -R 775 "$2Library/Application Support"
  • sudo chown -R :admin "$2Library/Application Support"

While any bad changes to the "/", "/Applications", or "/Library" directories can be easily fixed by repairing permissions or issuing another single command, the most OUTRAGEOUS and potentially damaging change is the last one:

sudo chmod -R 775 "$2Library/Application Support"
sudo chown -R :admin "$2Library/Application Support"

The "/Library/Application Support" directory is where many programs place critical system-wide configuration and program files that are referenced on an as-needed basis. This is a directory whose permissions should NEVER be changed or altered, lest you end up breaking many of your installed apps. In particular, all sorts of system-level programs such as Anti-Virus and Disk Utilities place parts of themselves there, and any changes to their permissions will prevent them from loading at boot time. Even more dangerous, some programs place symbolic links from that directory to "/System/Library", and running a chmod command that recursively drills down that directory could end up completely trashing your entire system.

In short, this is the most irresponsible and potentially dangerous Mac OS X install program of all time. I have never seen anything this egregiously idiotic, and I have seen some pretty bad install programs. I am placing this in the category of a Trojan Horse, and warning anyone and everyone NOT to install it."

Those are pretty strong words. I don't use a Palm OS device, so I can't comment on any observed effect of this software on my machine. So, has anyone had odd experiences with this installer? Do you have a related horror story? Spill it, Palm users.
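For anyone who wants to check an installer script for this pattern before running it, here is an added example (not from the Macintouch article or from Palm's installer) that flags every chmod/chown whose target lies outside the package's own directory. The function names are hypothetical, and treating `/Applications/Palm` as the only tree this package should modify is an assumption.

```shell
# Added example: flag chmod/chown commands in an installer script that touch
# anything outside the package's own directory.

# Sample input: the twelve commands listed in the quoted article.
sample_postflight() {
cat <<'EOF'
sudo chmod 775 "$2"
sudo chown :admin "$2"
sudo chmod 775 "$2Applications"
sudo chown :admin "$2Applications"
sudo chmod -R 775 "$2Applications/Palm"
sudo chown -R :admin "$2Applications/Palm"
sudo chmod 775 "$2Library"
sudo chown :admin "$2Library"
sudo chmod -R 775 "$2Library/CFMSupport"
sudo chown -R :admin "$2Library/CFMSupport"
sudo chmod -R 775 "$2Library/Application Support"
sudo chown -R :admin "$2Library/Application Support"
EOF
}

# audit_postflight ROOT OWN_DIR   (script text on stdin)
#   ROOT    = value the installer passes as "$2" ("/" per the quoted article)
#   OWN_DIR = the only tree this package should modify (assumed here)
# Prints one line per out-of-scope command; returns 1 if any were found.
audit_postflight() {
    root=$1 own=$2 bad=0
    while IFS= read -r line; do
        case $line in
            *chmod*\"*\"*|*chown*\"*\"*) ;;  # permission change, quoted target
            *) continue ;;
        esac
        target=${line%\"*}       # drop the closing quote and anything after it
        target=${target##*\"}    # keep only the last quoted argument
        case $target in \$2*) target=$root${target#\$2} ;; esac  # expand "$2"
        case $target in
            */..|*/../*) ;;                  # traversal is never in scope
            "$own"|"$own"/*) continue ;;     # the package's own files
        esac
        case $line in
            *" -R "*) echo "RECURSIVE-OUTSIDE $target" ;;
            *)        echo "OUTSIDE $target" ;;
        esac
        bad=1
    done
    return $bad
}

sample_postflight | audit_postflight / /Applications/Palm || echo "postflight changes permissions outside /Applications/Palm"
```

Run against the quoted commands, only the two `/Applications/Palm` lines pass; the other ten are reported, four of them recursive.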
