It is my practice after an update to revert to Std Redmond Paranoia [think: l33T Survival Skillz.] Thus, I indeed RTFM, in this case, scan console and 'All' -- logs. Then I run disk util, merely to see how the Permissions have fared; usually a couple are off via a 'drwxr --> lrwxr' and like that trivial. Today it zipped through the Permissions; est "38 Min" anticipated time: actual more like 2. As usual too, no surprises; how unRedmond can you get?
This complaint though, I recall from earlier updates; figure I ought to find out whether it too is trivial. Or not:
"System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent" has been modified and will not be repaired
(Note above this msg.: "Falling back to default Mach exception handler")
Among comments Googled re this error line, this from Apple:
http://lists.apple.c...Jun/msg00033.html
But it's from 6-27-08. Still, these exchanges --
Hi,
I checked on the ARDAgent exploit which is discussed on the Macshadows web site.
http://www.macshadow...=ARDAgent_exploit
I wonder whether this exploit works on Leopard as that article says. It seems to have been checked only on Tiger, 10.4.11.
It is true ARDAgent has the set-uid bit for root. But ARDAgent does not run as root but as nobody on Leopard.
------
xforce1:~ sadmin$ sw_vers
ProductName: Mac OS X Server
ProductVersion: 10.5.3
BuildVersion: 9D34
xforce1:~ sadmin$ w
12:11 up 28 days, 17:12, 1 user, load averages: 0.03 0.03 0.00
USER TTY FROM LOGIN@ IDLE WHAT
sadmin s000 garuda.local 10:40 - w
xforce1:~ sadmin$ ps aux|grep ARDA |grep -v grep
nobody 4200 0.0 0.1 89252 2292 ?? S 10:41AM 0:00.04 /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent -psn_0_1642897
nobody 65783 0.0 0.1 94456 3688 ?? Ss Mon03PM 0:34.04 /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent
xforce1:~ sadmin$ osascript -e 'tell application "ARDAgent" to do shell script "id"'
_RegisterApplication(), FAILED TO establish the default connection to the WindowServer, _CGSDefaultConnection() is NULL.
31:51: execution error: ARDAgent got an error: "id" doesn't understand the do shell script message. (-1708)
-----
As you know, on Leopard, ARDAgent runs as nobody or as the current user of the console. Who logs in as root?
And there is a restriction that causes an execution error.
That article says the exploit affects both Tiger and Leopard. My understanding is there is a vulnerability in ARDAgent on Tiger or earlier but not Leopard. Is this a correct understanding or a big misunderstanding?
Any suggestions, opinions and advice would be appreciated.
Thanks,
-takanori
Presumably Snow-L has benefitted from all the above concerns, since.
Point is, while I have no intention of enabling RemoteManagement -- isn't this ARDAgent in the area you'd expect to just maybe.. give a hint of pwned-ership?
Firewall log is replete with usual chatter, of course. But does there exist any handy utility for occasional use -- which is worth running / can at least indicate that there is cause for a more elaborate investigation?
I have no router/firewall yet as I've not found a single router model which installs on OS X without what appears to be an inordinate amount of CL massaging (nor even cookbook procedure for such; hell, I can type commands too.) I still don't do networks as the devil IS in the one detail missed. I want autoconfig and I'll tell it the ISP numbers.
Have considered my neighbor's paranoid solution after her neophyte trip through WiFi attaching to local school and not her ISP. Etc.: Net Barrier. Software, yes, thus $$ but so is OS X's apparently decent app. Maybe Net Barrier is superfluous? There WILL be 'sploits as Apple share rises.
I can feel it.. I can feel it.. (Only 1 Brownie point for source.)
Near end of the Update chatter (none with * on a quick perusal:)
"Could not find: com.apple.ReportCrash.Self"
Wtf is KARSTEN doing inside my Apple?
(Clearly the crash-save process works; on the few Leopard crashes all the data was there for ship --> Cupertino.)
I do grok the point made by Peter et al, that preoccupation with 'Permissions' is the hobby of the angst-ridden; I look now only after an Update because so many files are massaged. I ain't got no steenkin Angst, I'm just lazy == don't want to Fix things; I want them to stay unbroke.
Thanks for any tips beyond.. there, there, don't worry pretty-little head; OS X is T(o)uring Complete.
If this iMac catches fire tomorrow, it has had a bitchin first year free of all Redmond infuriating cutesy-pie-speak obfuscation.
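The check from the quoted mailing-list session (which user ARDAgent runs as, and whether the binary carries the set-uid bit), written as an added shell example that is not part of the original post or the quoted message. The function names are hypothetical and the embedded `ps aux` lines are constructed: the first two follow the session above, while the root-owned line and the grep line are invented to show what a flagged result looks like.

```shell
#!/bin/sh
# Added example: report which user ARDAgent runs as and whether its binary is set-uid.
ARD_PATH="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent"

# Constructed sample of `ps aux` output. The first two lines follow the quoted
# session; the root-owned line and the grep line are invented for illustration.
SAMPLE_PS="nobody 4200 0.0 0.1 89252 2292 ?? S 10:41AM 0:00.04 $ARD_PATH -psn_0_1642897
nobody 65783 0.0 0.1 94456 3688 ?? Ss Mon03PM 0:34.04 $ARD_PATH
root 9001 0.0 0.1 94456 3688 ?? Ss 11:02AM 0:00.10 $ARD_PATH
sadmin 9002 0.0 0.0 75000 400 s000 S+ 11:03AM 0:00.00 grep ARDAgent"

# Read `ps aux` text on stdin; print "user pid" for each process whose
# command (field 11) is the ARDAgent binary. The grep line is skipped.
ardagent_owners() {
    awk -v bin="ARDAgent.app/Contents/MacOS/ARDAgent" \
        'index($11, bin) { print $1, $2 }'
}

# Read `ps aux` text on stdin; print how many ARDAgent processes root owns.
root_owned_count() {
    ardagent_owners | awk '$1 == "root" { n++ } END { print n + 0 }'
}

# Succeed if an `ls -l` mode string has the set-uid bit (s or S in position 4).
is_setuid_mode() {
    case "$1" in
        ???[sS]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Audit the live system when the binary exists, otherwise the sample.
if [ -e "$ARD_PATH" ]; then
    mode=$(ls -l "$ARD_PATH" | awk '{ print $1 }')
    if is_setuid_mode "$mode"; then echo "set-uid bit set: $mode"; fi
    ps auxww | ardagent_owners
    echo "root-owned ARDAgent processes: $(ps auxww | root_owned_count)"
else
    printf '%s\n' "$SAMPLE_PS" | ardagent_owners
    echo "root-owned in sample: $(printf '%s\n' "$SAMPLE_PS" | root_owned_count)"
fi
```

A non-zero root-owned count is the condition worth a closer look; `ps auxww` is used so the long command path is not truncated.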