Re: Cocoa can be used to execute arbitrary (privileged) code !

Jean-Daniel Dupas Fri, 20 Jun 2008 03:31:43 -0700


Le 20 juin 08 à 06:09, Ken Thomases a écrit :

On Jun 19, 2008, at 10:39 PM, Jens Alfke wrote:
It might not be a bad idea to proactively disarm this vulnerability on your own machine(s), as I just did:
sudo chmod -s System/Library/CoreServices/RemoteManagement/ ARDAgent.app/ARDAgent
That's
sudo chmod -s /System/Library/CoreServices/RemoteManagement/ ARDAgent.app/Contents/MacOS/ARDAgent
-Ken

You may also use an exploit that correct the hole, so no sudo require ;-)

osascript -e 'tell app "ARDAgent" to do shell script "chmod -s /System/ Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ ARDAgent"'

smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________

Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com

This email sent to [EMAIL PROTECTED]

Re: Cocoa can be used to execute arbitrary (privileged) code !

Reply via email to