Sunday, June 22, 2008

More on the ARD thing

Just a couple of links I have found while searching more info on the ARDAgent security flaw.

Mac OS X Root Escalation Through AppleScript
neutering the apple remote desktop exploit
ARDAgent setuid allows root access, but there's a sort-of fix
Workaround for the ARDAgent 'setuid root' problem
Local Privilege Escalation via ARD

To this point it seems like it is real (doh!) but there are reports on which the exploit does not work, on my Quicksilver, for instance, it does not seem to be working the way that it should.
How long would Apple take to release a fix? I just hope they don't take as long as they took to release the Time Zone Data fix for Argentina... That is, never.

Labels: , , ,

0 Comments:

Post a Comment

<< Home