Lists

Terms and Conditions
Lists hosted on this site
Email the Postmaster
Tips for posting to public mailing lists

Re: Cocoa can be used to execute arbitrary (privileged) code !

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cocoa can be used to execute arbitrary (privileged) code !

Subject: Re: Cocoa can be used to execute arbitrary (privileged) code !
From: Jens Alfke <email@hidden>
Date: Thu, 19 Jun 2008 20:39:18 -0700

It might not be a bad idea to proactively disarm this vulnerability on your own machine(s), as I just did:

sudo chmod -s System/Library/CoreServices/RemoteManagement/ ARDAgent.app/ARDAgent

That turns off the setuid bit. I'm sure that'll break Remote Desktop functionality, but that's still preferable to having your machine pwned. (And it can be fixed by using Disk Utility to repair permissions.)

—Jens

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

Follow-Ups:
- Re: Cocoa can be used to execute arbitrary (privileged) code !
  - From: Jerry LeVan <email@hidden>
- Re: Cocoa can be used to execute arbitrary (privileged) code !
  - From: Ken Thomases <email@hidden>

References:
	>Cocoa can be used to execute arbitrary (privileged) code ! (From: Jerry LeVan <email@hidden>)
	>Re: Cocoa can be used to execute arbitrary (privileged) code ! (From: Andrew Farmer <email@hidden>)

Prev by Date: Race in Apple's NSTreeContoller/NSOutlineView
Next by Date: Re: Cocoa can be used to execute arbitrary (privileged) code !
Previous by thread: Re: Cocoa can be used to execute arbitrary (privileged) code !
Next by thread: Re: Cocoa can be used to execute arbitrary (privileged) code !
Index(es):
- Date
- Thread