Re: Cocoa can be used to execute arbitrary (privileged) code !

On Jun 19, 2008, at 11:39 PM, Jens Alfke wrote: It might not be a bad idea to proactively disarm this vulnerability on your own machine(s), as I just did: sudo chmod -s System/Library/CoreServices/RemoteManagement/ ARDAgent.app/ARDAgent That turns off the setuid bit. I'm sure that'll bre

Cocoa can be used to execute arbitrary (privileged) code !

Last night while browsing Slashdot I found this: http://it.slashdot.org/it/08/06/18/1919224.shtml It gives a simple command that can be used to basically execute code as root. osascript -e 'tell app "ARDAgent" to do shell script "whoami"' The above will print "root" and replacing "whoami" will

Re: 10.5.3 Release Notes?

It appears to me that some people have read some useful info... Just before the release one of the mac 'interest' sites was listing some of the fixes... One item listed was a fix for a problem with CoreImage and NSBitMapImageRep. (something that has caused me grief in the past...). It would

Fixed Column in TableView?

Hi, I could not find much in the archives... There have been several occasions where it would have been very convenient to be able to pin the first column in a table view. I.e. looking at a wide table in a database where the first column is a key value... Has anyone figured out a way to keep t