While getting up to speed with Slashdot, I found an interesting article about a security breach on Mac OS X that allows user escalation through AppleScript.
Trying it on the terminal works, but, as they say, the user needs to have physical access to the machine. So, Patrício suggested trying to access through SSH to see if it works, and it did.
Slashdot member gombah99 posted a tip on how to neutralize it non-destructively:
-
cd /System/Library/CoreServices/RemoteManagement/
-
sudo tar -czf ARDAgent.app.gz ARDAgent.app
-
sudo chmod 600 ARDAgent.app.gz
-
sudo rm -r ARDAgent.app
Here’s to you, Apple Un^H^HSecurity Team!
@Scott Swank: It still works, because it is compressed recursively.
@Gerry Power: Thanks. Updated
You created a tar file of the app, but you also need to remove the original app:
sudo rm -r ARDAgent.app
Otherwise, the application is still available, leaving the security hole.
Mac OS X root escalation through security flaw…
[...]Security breach that allows a regular user to escalate to root privileges using AppleScript. Works through SSH too.[...]…
You forgot /Content/ at the end of that path.
[...] http://blog.andremedeiros.info/2008/06/mac-os-x-epic-fail/ [...]
zomgwtfbbq!
Anyways, sudo rm -rf / also solves it >:3