Le 19 juin 08 à 20:48, Charles Steinman a écrit :
This is in fact a Cocoa vulnerability, so it seems relevant to this list. All Cocoa applications automagically come with rudimentary AppleScript support (including "do shell script"), so any Cocoa app that runs with suid is a security risk unless you short circuit the Foundation scripting support.Cheers, Chuck --- On Thu, 6/19/08, Jerry LeVan <[EMAIL PROTECTED]> wrote:From: Jerry LeVan <[EMAIL PROTECTED]> Subject: Cocoa can be used to execute arbitrary (privileged) code ! To: "cocoa-Dev Dev" <cocoa-dev@lists.apple.com> Date: Thursday, June 19, 2008, 7:22 AM Last night while browsing Slashdot I found this: http://it.slashdot.org/it/08/06/18/1919224.shtml It gives a simple command that can be used to basically execute code as root. osascript -e 'tell app "ARDAgent" to do shell script "whoami"' The above will print "root" and replacing "whoami" will other commands will cause the commands to be executed as root. Looks like a job for NSTask... This is certainly easier than using the Authentication protocols :) The "root" problem is that the ARDAgent executable is suid'ed to root! I was surprised than none of the common mac sites has picked up on this... Jerry _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/acharlieblue%40yahoo.com This email sent to [EMAIL PROTECTED]_______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/devlists%40shadowlab.org This email sent to [EMAIL PROTECTED]
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to [EMAIL PROTECTED]
