Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Two ways to possibly close an ARDAgent security hole' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Two ways to possibly close an ARDAgent security hole
Authored by: jaguarcy on Jun 22, '08 06:34:09PM
Simply prevent ARDAgent from being allowed to run scripts as root...:

% osascript -e 'tell application "ARDAgent" to do shell script "whoami"'
root
% sudo chmod u-s /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent
% osascript -e 'tell application "ARDAgent" to do shell script "whoami"'
Constantinos


[ Reply to This | # ]
Two ways to possibly close an ARDAgent security hole
Authored by: allanmarcus on Jun 23, '08 07:58:18AM

until a repair permission is run, then the problem returns.



[ Reply to This | # ]