
Workaround for the ARDAgent 'setuid root' problem

Update: Commenter (and Mac OS X security pro) Zack Smith points out that it's possible to kill the ARDAgent process and immediately run the osascript command, which will sooner or later bypass the protection you get by turning on ARD in System Preferences. Under those circumstances an attacker or someone sitting at your machine could still run commands as root, much to your chagrin. To prevent this, one approach is to strip the setuid bit from the ARDAgent application bundle -- note that this workaround will not survive future system updates or permissions repairs, and may adversely affect administrative access to your machine from legitimate managers:

sudo chmod -R u-s /System/Library/CoreServices/RemoteManagement/ARDAgent.app

You can also simply archive and remove ARDAgent.app if you don't plan to be managed by anyone.

These steps may mitigate the effects of the OSAScript/setuid root vulnerability on Mac OS X 10.5 and 10.4, but if you are concerned about the vulnerability you may wish to temporarily remove the ARDAgent.app bundle from /System/Library/CoreServices/RemoteManagement.
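To confirm the chmod workaround actually took (and to notice when an update has put the bit back), here is an added shell check that is not from the original post. It assumes the real bundle path from the post; the sample bundle it builds in a temp directory is constructed so the script runs anywhere.

```shell
# Added example (not from the original post): report whether any file inside an
# application bundle still carries the setuid bit, and strip it if so.
# Assumed real path: /System/Library/CoreServices/RemoteManagement/ARDAgent.app;
# make_sample_bundle builds a constructed stand-in under mktemp for testing.

# Print every setuid regular file under the given bundle path, one per line.
list_setuid_files() {
    bundle="$1"
    find "$bundle" -type f -perm -4000 2>/dev/null
}

# Succeed (exit 0) only if the bundle contains no setuid files.
bundle_is_clean() {
    [ -z "$(list_setuid_files "$1")" ]
}

# The post's workaround without the sudo: the caller decides how to get root.
strip_setuid() {
    chmod -R u-s "$1"
}

# Build a constructed stand-in for ARDAgent.app with a setuid binary inside,
# mirroring the real bundle layout. Prints the bundle path.
make_sample_bundle() {
    root="$(mktemp -d)"
    bundle="$root/ARDAgent.app"
    mkdir -p "$bundle/Contents/MacOS"
    printf '#!/bin/sh\nexit 0\n' > "$bundle/Contents/MacOS/ARDAgent"
    chmod 4755 "$bundle/Contents/MacOS/ARDAgent"   # setuid + rwxr-xr-x
    echo "$bundle"
}
```

Run `bundle_is_clean /System/Library/CoreServices/RemoteManagement/ARDAgent.app` after each system update or permissions repair; a non-zero exit means the setuid bit is back.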

Leopard: System Prefs, Sharing pane

Open System Preferences, go to the Sharing pane and look for Remote Management. Check it to turn it on.

Make sure no permissions are active

No reason to turn on any permissions here, unless you actually want your machine to be managed remotely! Click OK.

Extra safety...

Make sure "Only these users" is checked and that there are no users in the box.

Tiger: "Apple Remote Desktop" setting

For 10.4 users, the setting to turn on is "Apple Remote Desktop."

User permissions all off

Uncheck all users and all permissions, and click OK.

That's it!
