Lists

Terms and Conditions
Lists hosted on this site
Email the Postmaster
Tips for posting to public mailing lists

Re: Cocoa can be used to execute arbitrary (privileged) code !

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cocoa can be used to execute arbitrary (privileged) code !

Subject: Re: Cocoa can be used to execute arbitrary (privileged) code !
From: lbland <email@hidden>
Date: Thu, 19 Jun 2008 10:49:05 -0400

hi-

There are better ways to do this, but I'm not commenting. :-)

thanks!-

-lance

On Jun 19, 2008, at 10:22 AM, Jerry LeVan wrote:

Last night while browsing Slashdot I found this:

http://it.slashdot.org/it/08/06/18/1919224.shtml

It gives a simple command that can be used to
basically execute code as root.

osascript -e 'tell app "ARDAgent" to do shell script "whoami"'

The above will print "root" and replacing "whoami" will other
commands will cause the commands to be executed as root.

Looks like a job for NSTask...

This is certainly easier than using the Authentication
protocols :)

The "root" problem is that the ARDAgent executable is
suid'ed to root!

I was surprised than none of the common mac sites has
picked up on this...

_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden



References:  
  >Cocoa can be used to execute arbitrary (privileged) code ! (From: Jerry LeVan <email@hidden>)




Prev by Date:
Cocoa can be used to execute arbitrary (privileged) code !

Next by Date:
Add item to NSSavePanel sidebar

Previous by thread:
Cocoa can be used to execute arbitrary (privileged) code !

Next by thread:
Re: Cocoa can be used to execute arbitrary (privileged) code !

Index(es):

Date
Thread