Slashdot Mirror

← Back to Users

User: foo4thought

foo4thought's activity in the archive.

Stories
0
Comments
3
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 3

  1. Re:That explains things on Book Review: Creating Mobile Apps With JQuery Mobile · · Score: 1

    You could be describing the linked article or m.slashdot.org itself, which is agonizingly slow and unusable on my old iPhone.

  2. Re:Fix using Info.plist on Mac OS X Root Escalation Through AppleScript · · Score: 1

    This may have come too late in the comments for anyone to see it, but if the exploit is active on your system, adding a key to ARDAgent's Info.plist makes the problem go away without disabling ARDAgent altogether. (Whether or not ARDAgent is a security vulnerability itself is another story.)

    <key>NSAppleScriptEnabled</key>
            <string>YES</string>

    That "YES" is not a typo; setting it to "NO" does not fix the problem. AFAICT this makes osascript expect that ARDAgent will implement more of its own AppleScript handlers...which of course, it doesn't.


    P.S. I searched for other, similar problem setuid apps, and turned up check_afp.app (which someone else posted already) and, surprisingly, GoogleUpdaterInstaller. Fortunately, even though these apps run setuid, they won't respond to the "do shell script" attack.

    yes it works once, but it doesn't seem to persist.
        i.e. the process of demonstrating that it works exercises the application into overwriting its Info.plist file and obliterating the edit.
  3. Re:This is great news! on Win4Lin 5.0 Reviewed · · Score: 1
    DISCLAIMER: The views expressed hereafter are not necessarily those of MENSA, which I am only a member of.

    Don't you mean,
    ..... of MENSA, OF which I am only a member. ?