Forgot your password?
typodupeerror

Comment: Re:Fix using Info.plist (Score 1) 359

by foo4thought (#23856919) Attached to: Mac OS X Root Escalation Through AppleScript

This may have come too late in the comments for anyone to see it, but if the exploit is active on your system, adding a key to ARDAgent's Info.plist makes the problem go away without disabling ARDAgent altogether. (Whether or not ARDAgent is a security vulnerability itself is another story.)

<key>NSAppleScriptEnabled</key>
        <string>YES</string>

That "YES" is not a typo; setting it to "NO" does not fix the problem. AFAICT this makes osascript expect that ARDAgent will implement more of its own AppleScript handlers...which of course, it doesn't.


P.S. I searched for other, similar problem setuid apps, and turned up check_afp.app (which someone else posted already) and, surprisingly, GoogleUpdaterInstaller. Fortunately, even though these apps run setuid, they won't respond to the "do shell script" attack.

yes it works once, but it doesn't seem to persist.
    i.e. the process of demonstrating that it works exercises the application into overwriting its Info.plist file and obliterating the edit.

"Maintain an awareness for contribution -- to your schedule, your project, our company." -- A Group of Employees

Working...