{/if}
Back to Mobile View

Skip to Content

Workaround for the ARDAgent 'setuid root' problem

Update: Commenter (and Mac OS X security pro) Zack Smith points out that it's possible to kill the ARDAgent process and immediately run the osascript command, which sooner or later will bypass the protection you get by turning on ARD in System Preferences. Under those circumstances an attacker or someone sitting at your machine could still run commands as root, much to your chagrin. To prevent this, one approach is to change the permissions on the ARDAgent application bundle -- note that this will break with future system updates or permissions repairs, and may adversely affect administrative access to your machine from legitimate managers:

sudo chmod -R u-s /System/Library/CoreServices/RemoteManagement/ARDAgent.app

You can also simply archive and remove ARDAgent.app if you don't plan to be managed by anyone.

These steps should prevent you from being affected may mitigate the affects of the OSAScript/setuid root vulnerability on Mac OS X 10.5 and 10.4, but if you are concerned about the vulnerability you may wish to temporarily remove the ARDAgent.app bundle from /System/Library/CoreServices/RemoteManagement.

Leopard: System Prefs, Sharing pane

Open System Preferences, go to the Sharing pane and look for Remote Management. Check it to turn it on.

Make sure no permissions are active

No reason to turn on any permissions here, unless you actually want your machine to be managed remotely! Click OK.

Extra safety...

Make sure "Only these users" is checked and that there are no users in the box.

Tiger: "Apple Remote Desktop" setting

For 10.4 users, the setting to turn on is "Apple Remote Desktop."

User permissions all off

Uncheck all users and all permissions, and click OK.

That's it!

© 2014 AOL Inc. All Rights Reserved.