Mac OS X Root Escalation Through AppleScript 359
An anonymous reader writes "Half the Mac OS X boxes in the world (confirmed on Mac OS X 10.4 Tiger and 10.5 Leopard) can be rooted through AppleScript: osascript -e 'tell app "ARDAgent" to do shell script "whoami"'; Works for normal users and admins, provided the normal user wasn't switched to via fast user switching. Secure? I think not." On the other hand, since this exploit seems to require physical access to the machine to be rooted, you might have some other security concerns to deal with at that point, like keeping the intruder from raiding your fridge on his way out.
ARDAgent is Apple Remote Desktop (Score:5, Informative)
Only need a shell.... (Score:0, Informative)
Verified, on my Leopard box. SSH'ed to it and rooted it (I was able to touch a file in a root-only directory)
Re:ARDagent (Score:5, Informative)
Even as a normal user on my mac, the exploit code works.
Re:Physical access? (Score:5, Informative)
_RegisterApplication(), FAILED TO establish the default connection to the WindowServer, _CGSDefaultConnection() is NULL.
However, it does work if you have a remote desktop view into a machine.
Re:Only need a shell.... (Score:5, Informative)
Verified, on my Leopard box. SSH'ed to it and rooted it (I was able to touch a file in a root-only directory)
MOD PARENT DOWN (Score:5, Informative)
Re:Physical access? (Score:5, Informative)
not a full exploit, yet (Score:2, Informative)
However, I also logged out of my account and into an account that has no permissions to access my regular home directory (normally I log in with short name "me"), then ran:
osascript -e 'tell app "ARDAgent" to do shell script "touch
It doesn't do anything for a long time, and then returns
execution error: ARDAgent got an error: AppleEvent timed out. (-1712)
Same thing happens if I bundle the command into a sh file and try to execute that instead. I am not a hacker, but it would seem, at least at first glance, that ARDAgent is not entirely privileged.
Re:ARDagent (Score:2, Informative)
Re:Physical access? (Score:5, Informative)
Re:not a full exploit, yet (Score:5, Informative)
Re:Only need a shell.... (Score:2, Informative)
Tested it my self remotely.
Re:Insecure root-owned binaries on unix? (Score:4, Informative)
That's it:
% ls -l-rwsr-xr-x 1 root wheel 1439952 Nov 15 2007 ARDAgent
Time to run find(1) to see if there are any other things like this.
And, I should say, as a so-call Apple fanboy, I am deeply embarrassed. It's been decades that people have known to watch out for stuff like this.
Quick Question (Score:2, Informative)
Re:Quick Question (Score:5, Informative)
I've got it to run destructive things as an ordinary user without any need for authentication beyond being logged in
% osascript -e 'tell app "ARDAgent" to do shell script "echo Nasty Content >Nasty Content
One more, maybe. (Score:4, Informative)
Assumptions:
AppleScripting is only applicable to
"do shell script" is only a problem in the main binary, suid stuff in Resources/ isn't impacted.
Results: Now, I have one of the machines where this exploit isn't working: So, somebody out there who can get it to work, see if: works or not. That might need full pathing, I'm not sure.
The exploits - they do nothing! (Score:3, Informative)
23:47: execution error: ARDAgent got an error: Connection is invalid. (-609)
I'm so not impressed.
It's easier than that.. (Score:4, Informative)
It's almost like Anna_Kournikova.jpg.vbs all over again.
Recipe for neutralizing it (Score:5, Informative)
cd
sudo tar -czf ARDAgent.app.gz ARDAgent.app
sudo chmod 600 ARDAgent.app.gz
This simply hides it in an unreadable tarball.
Re:Physical access? (Score:5, Informative)
Nope, not here (Score:2, Informative)
Doesn't look too scary to me. Some kind of hoax maybe?
Re:Recipe for neutralizing it (Score:5, Informative)
chmod u-s
After doing that, I get:
patrick@picasso:~$ osascript -e 'tell app "ARDAgent" to do shell script "whoami"'
patrick
(Repairing permissions will probably reset this though.)
Re:Recipe for neutralizing it (Score:5, Informative)
If you try to gzip an application bundle without putting it in a tarball first, you'll just get a "foo.app/ is a directory; ignored" error.
It's confusing because the Finder doesn't treat application bundles like normal directories, but that's what they are to the filesystem and *nix utilities.
Re:ARDagent (Score:4, Informative)
I.e., you can't run it over an SSH session; you need the Finder. The only ways to get access to the Finder are either physically, by sitting down in front of the computer, or by using a screen-sharing application like Screen Sharing (Remote Desktop), or VNC.
That was my understanding, at least.
The exploit works, if you have physical access to the machine, regardless of whether you have Screen Sharing enabled or not. However, it's when you have Screen Sharing turned on that it's possibly a remote root to anyone you let access your screen.
It's a bad vulnerability and one that I'd like to see Apple fix ASAP, but it's several steps down from a true unprivileged remote root. It might have negative consequences for shared and lab machines, but for most home and office users it doesn't seem like it means much, unless you typically allow lots of people remote-desktop/VNC access.
Re:Recipe for neutralizing it (Score:4, Informative)
Re:Physical access? (Score:5, Informative)
Not that it matters. If you have that level of access, you're already in a position to do more damage than what you could do through this exploit, by the sounds of it.
Re:Root Account Disabled by Default on Macs (Score:2, Informative)
So, can someone explain to me how an exploit can get root of there's no root account?
Apple's Knowledge Base reports this is 'safe' (Score:5, Informative)
Users noticed in October that Apple's built-in file system permissions verifier really wanted to delete the ARDAgent program (along with several others) because it was user-executable and setuid root. None of the users seemed to understand exactly what this meant...
Apple's reported fix, and I am not making this up:
The entire text below, in case Apple deletes it:
Mac OS X 10.5: Disk Utility's Repair Disk Permissions reports issues with SUID files
* Last Modified: June 06, 2008
* Article: TS1448
* Old Article: 306925
Symptoms
The following messages may appear in the Disk Utility log window when repairing disk permissions.
Warning: SUID file "usr/libexec/load_hdi" has been modified and will not be repaired.
Warning: SUID file "System/Library/PrivateFrameworks/DiskManagement.framework/Versions/A/Resources/DiskManagementTool" has been modified and will not be repaired.
Warning: SUID file "System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/Resources/Locum" has been modified and will not be repaired.
Warning: SUID file "System/Library/PrivateFrameworks/Install.framework/Versions/A/Resources/runner" has been modified and will not be repaired.
Warning: SUID file "System/Library/PrivateFrameworks/Admin.framework/Versions/A/Resources/readconfig" has been modified and will not be repaired.
Warning: SUID file "System/Library/PrivateFrameworks/Admin.framework/Versions/A/Resources/writeconfig" has been modified and will not be repaired.
Warning: SUID file "usr/libexec/authopen" has been modified and will not be repaired.
Warning: SUID file "System/Library/CoreServices/Finder.app/Contents/Resources/OwnerGroupTool" has been modified and will not be repaired.
Warning: SUID file "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent" has been modified and will not be repaired.
"Any message that starts with: 'ACL found but not expected on...'."
Products Affected
Mac OS X 10.5
Resolution
You can safely ignore these messages. They are accurate but not a cause for concern.
Re:Physical access? (Score:5, Informative)
I tried it - didn't work for me (Score:2, Informative)
I tried it and got:
execution error: ARDAgent got an error: "whoami" doesnâ(TM)t understand the do shell script message. (-1708)This is on MacOSX 10.5.3 (9D34) Darwin 9.3.0, Power PC . I have "Remote Login" and "Remote Management" enabled. "Screen Sharing" is under the control of Remote Management.
Haven't tried it on my Intel Mac, or my iMac G5/Tiger . (The iMac stays at Tiger for BitPim and a bunch of games for the kids.)
Fix using Info.plist (Score:5, Informative)
This may have come too late in the comments for anyone to see it, but if the exploit is active on your system, adding a key to ARDAgent's Info.plist makes the problem go away without disabling ARDAgent altogether. (Whether or not ARDAgent is a security vulnerability itself is another story.)
That "YES" is not a typo; setting it to "NO" does not fix the problem. AFAICT this makes osascript expect that ARDAgent will implement more of its own AppleScript handlers...which of course, it doesn't.
P.S. I searched for other, similar problem setuid apps, and turned up check_afp.app (which someone else posted already) and, surprisingly, GoogleUpdaterInstaller. Fortunately, even though these apps run setuid, they won't respond to the "do shell script" attack.
NetCat + ARDAgent escalation video posted (Score:2, Informative)
My mistake (Score:5, Informative)
So someone has to be logged into the Desktop at the same time the command is issued (even if issued remotely) and I'm guessing that the account the remote user is logged into probably has to be the same account the desktop user is using.
So Xserve servers should be immune to this via SSH, unless someone else is actively using Remote Desktop at the same time. Interesting!
Re:Root via OS X install DVD (Score:3, Informative)
Blocks the ability to use the "C" key to start up from an optical disc.
Blocks the ability to use the "N" key to start up from a NetBoot server.
Blocks the ability to use the "T" key to start up in Target Disk Mode (on computers that offer this feature).
Blocks the ability to start up in Verbose mode by pressing the Command-V key combination during startup.
Block the ability to start up a system in Single-user mode by pressing the Command-S key combination during startup.
Blocks a reset of Parameter RAM (PRAM) by pressing the Command-Option-P-R key combination during startup.
Requires the password to use the Startup Manager, accessed by pressing the Option key during startup (see below).
Requires the password to enter commands after starting up in Open Firmware, which is done by pressing the Command-Option-O-F key combination during startup.
Blocks the ability to start up in Safe Boot mode by pressing the Shift key during startup.
(Similar stuff on Intel)
Re:Physical access? (Score:3, Informative)
Of course, you can run it as "root" over ssh, but that kinda defeats the purpose!
Re:Physical access? (Score:3, Informative)
Re:Physical access? (Score:2, Informative)
Mini:~ max$ ssh max@emac.local
Come again? Even though the eMac is sitting right next to the mini, there's no VNC or other screen sharing running. Screen sharing IS switched on, though. If I switch it off, the exploit still works. Remote management is switched off the entire time.Password:
Last login: Thu Jun 19 03:37:58 2008
eMac:~ max$ osascript -e 'tell app "ARDAgent" to do shell script "whoami"';
root
Re:Fix using Info.plist (Score:4, Informative)
$ sudo defaults write
$ sudo plutil -convert xml1
$ sudo chmod 644
The NSAppleScriptEnabled seems to force the use of the standard applescript dictionary which lacks the "do shell script" action. This is what you get when you try again:
$ osascript -e 'tell app "ARDAgent" to do shell script "whoami"'
23:47: execution error: ARDAgent got an error: "whoami" doesn't understand the do shell script message. (-1708)
$ osascript -e 'tell app "ARDAgent" to do shell script "whoami"'
23:47: execution error: ARDAgent got an error: "whoami" doesn't understand the do shell script message. (-1708)
You don't need physical access. (Score:3, Informative)
It's not quite as easy as passing in an "applescript:" URL, at least...
Re:Recipe for neutralizing it (Score:3, Informative)
Not sure if you can edit the database manually, but it looks like pkgutil [apple.com]'s --edit-pkg and --learn options might do the trick to update the package receipts Repair Permissions uses.
Does ARD continue to work after you've changed the permissions? If it doesn't you might as well just remove it.