Fix Leopard’s ARDagent Flaw

June 25, 2008

Now that there is code in the wild that exploits ARDAgent to get root access, I figured it was time to whip up a simple script to help close the issue.  To explain: the reason ARDAgent is allowed to run code as root without first authenticating is that its binary has the SUID bit set.

I won’t go into detail as to why the SUID bit was put in place, or whether using it is a bad idea; in short, the SUID bit lets a binary that has it set run with the privileges of its owner (root, in this case), regardless of who actually launches it.  Anyway, here is the code you will want to run:

# before: ARDAgent still has the SUID bit, so this prints "root"
osascript -e 'tell app "ARDAgent" to do shell script "whoami"';
# drop the SUID bit from the ARDAgent binary (prompts for your password)
sudo chmod 755 /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent;
# after: the same command now prints your own username
osascript -e 'tell app "ARDAgent" to do shell script "whoami"';

This will show you the before and after, and change the permissions of the ARDAgent binary in between.  To run it, simply open Terminal and paste it in.  When asked for a password, provide yours, just as you would when installing software.  For those of you who want a package to deploy, I have also provided a .deploy package and an AppleScript application.
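As an added example (not code from the original post), here is a small shell script that audits and removes the SUID bit without invoking ARDAgent at all: it uses the shell’s -u file test instead of the whoami check, and chmod u-s (which strips only the SUID bit) where the post uses chmod 755. The default path is the one from the post; the --run flag and function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: audit and fix the ARDAgent SUID bit
# without executing the binary. Point it at another path to try it elsewhere.
ARDAGENT_DEFAULT=/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent

# has_setuid PATH -> prints "setuid" or "clean"; returns 0 if the bit is set, 1 if not.
# The -u test reads the file mode, so nothing in the target is run.
has_setuid() {
  if [ -u "$1" ]; then
    echo setuid
    return 0
  fi
  echo clean
  return 1
}

# remove_setuid PATH -> strips the SUID bit (chmod u-s) and re-checks.
# Returns 0 when the file is clean afterwards, 1 if the bit is still set,
# 2 if the file is missing or chmod failed (e.g. not running as root).
remove_setuid() {
  f="$1"
  if [ ! -f "$f" ]; then
    echo "missing: $f" >&2
    return 2
  fi
  chmod u-s "$f" || return 2
  if [ -u "$f" ]; then
    return 1
  fi
  return 0
}

# When invoked as `sudo sh fix_ardagent.sh --run [PATH]`, audit and fix for real.
# (Hypothetical flag so the functions can also be sourced and tested safely.)
if [ "${1:-}" = "--run" ]; then
  target="${2:-$ARDAGENT_DEFAULT}"
  echo "before: $(has_setuid "$target")"
  if remove_setuid "$target"; then
    echo "after:  $(has_setuid "$target")"
  else
    echo "could not clear SUID on $target" >&2
    exit 1
  fi
fi
```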
