Two ways to possibly close an ARDAgent security hole
September 1, 2008 by wizTEQ Staff
macosxhints.com System tips
Yesterday, Mac software developer Intego published a security memo on an exposure in the ARDAgent application on OS X 10.4 and 10.5. ARDAgent runs when you use Screen Sharing in 10.5, and if you’ve enabled Remote Management in the System Preferences panel, but this exploit works even when ARDAgent isn’t running. As far as I know, this exploit was first published on the Apple page at Slashdot, though it probably appeared elsewhere earlier.
You can read the details of the exploit in the Slashdot entry, but basically, it relies on the fact that ARDAgent runs as root and can send AppleScript commands, such as "do shell script", to the system it’s running on. Because ARDAgent runs as root, any shell script launched by ARDAgent also runs as root, so such scripts run without promptin…



