Apple is busy working on a patch, sources say

Jun 25, 2008 09:33 GMT

Last week, security firm Intego reported a vulnerability in Apple's Remote Desktop Agent (ARDAgent) in Mac OS X that allows shell scripts to be run as root. The vulnerability allegedly allows malicious programs to execute code as root when run locally, or via a remote connection, on computers running Mac OS X 10.4 and 10.5. While Apple is patching the issue, code-savvy folks have come up with a workaround.

Because code run through the ARDAgent executable runs as root, it does not require a password. "When an application enables a root privilege escalation of this type, any malicious code that is run may have devastating effects," said Intego in its original report.

The vulnerability takes advantage of the fact that ARDAgent has the setuid bit set, which makes the executable run with the privileges of its owner rather than those of the user who launches it. Since ARDAgent is owned by root, code run via the ARDAgent executable also runs as root, which means it doesn't require a password. The exploit depends on ARDAgent's ability to run AppleScripts, which may include shell script commands, the security firm explained last week.

However, MacFixIt wrote yesterday that they have a solution, or a workaround to be precise. According to them, Apple is aware of the problem and is working on a patch. Until that happens, users can run the following command to clear the set-user-ID and set-group-ID bits on the ARDAgent executable, which prevents commands from being executed as root through it.

sudo chmod -s /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent

The web site says this command may also cause faulty screen sharing behavior. If this happens, users may revert the change by entering the same command with the "+s" option instead of "-s". Here's how:

sudo chmod +s /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent
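To confirm which state the file is in after either command, the mode bits can be checked directly. The script below is an added example, not part of the original article or MacFixIt's instructions; the function names (setid_state, owner_uid, check_workaround) are made up for illustration, and the only path used is the one quoted above.

```shell
#!/bin/sh
# Added example: report whether the ARDAgent binary still carries setuid/setgid bits.
# Path taken from the article; pass another file as $1 to check something else.
ARDAGENT="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent"

# setid_state FILE -> prints one of: missing, setuid+setgid, setuid, setgid, none
setid_state() {
    f=$1
    [ -e "$f" ] || { echo "missing"; return 0; }
    if [ -u "$f" ] && [ -g "$f" ]; then echo "setuid+setgid"
    elif [ -u "$f" ]; then echo "setuid"
    elif [ -g "$f" ]; then echo "setgid"
    else echo "none"
    fi
}

# owner_uid FILE -> numeric owner id (third field of ls -ln); 0 means root
owner_uid() {
    ls -lnd "$1" | awk 'NR==1 {print $3}'
}

# check_workaround FILE -> exit status 0 if the file no longer runs with its owner's privileges
check_workaround() {
    state=$(setid_state "$1")
    case $state in
        missing) echo "$1: not present"; return 0 ;;
        none)    echo "$1: no setuid/setgid bit, workaround in place"; return 0 ;;
        *)       echo "$1: $state, owner uid $(owner_uid "$1"), still runs with owner privileges"; return 1 ;;
    esac
}

check_workaround "${1:-$ARDAGENT}"
```

A non-zero exit status means the bit is still set, so the script can be dropped into a login or management check until Apple's patch is installed.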