Warrior Tang @ 2008-06-19 09:33:00
OSX local root exploit on Slashdot
From Slashdot: How to gain root privileges on an OSX box:
osascript -e 'tell app "ARDAgent" to do shell script "whoami"';
ARDAgent is Apple's Remote Desktop server. Apparently, it runs as root and will launch any process you tell it to, and that process runs under its security credentials. Oops. The Slashdot comments say you can "fix" it by tarring up the ARDAgent directory, effectively disabling the program.
"tell app" is some kind of interprocess communication like RPC, though it is not clear what the underlying method is. This page says the method might be "Apple Events".
It is interesting how much the AppleScript language resembles plain English. Personally, I prefer my programming languages to be more clearly structured than English is.