I’ve been away on holiday in beautiful NZ for a few weeks and my time has been rather constrained since I got back, which is why I’ve dropped out of the forum.
Having come back, I’ve been doing some house-keeping on the MBP and MBA. Repairing permissions on each has brought up a scary final line:
“Warning: SUID file “System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent” has been modified and will not be repaired.”
Can anyone of you Mac Gurus advise me what a SUID file and ARDAgent.app are? How dangerous is this? Do I need to do a clean re-install of the system? My guess is that it’s to do with Remote Desktop, which I’ve never used.
All that I have done over the last few months is install routine updates, copy necessary library files from the external OS 10.4 disk so that I can try using InDesign CS1 on the MBP — so it can’t be that, as I haven’t done that on the MBA — and then authorise my wife’s MacBook on iTunes.
ARDAgent is, as you infer, related to Apple Remote Desktop. As for why it has been modified, that is a little perplexing. Have you ever, or do you currently use any virus scanning software on your Mac? A while back there was a security breach found with this particular script which would allow a user on the machine (or remotely logged in as you) to gain root access (a SUID script does precisely that, but Apple was lazy about it and designed the application so that it would execute external scripts as root). Some virus scanners took advance action to close the hole before Apple could get around to it. Maybe that is what you are seeing.
Thanks Amber. I use ClamXav for virus scanning on both machines, and it’s some time since I repaired permissions. I may well have upgraded it since the previous repair permissions, so it is possible that that may be the answer.
The other thing that has root access is Synchronize! Pro X … I had had problems with that: (1) QDEAs download server is blocked by the GFWoC, but QDEA put a version on an alternate server for me if there’s a major update; (2) when updated, it isn’t always happy running from within a non-admin user account, but Hugh Sontag is always extremely helpful at getting such things sorted out. I did have those problems for a while, and used an unlicenced version of SuperDuper until I got round to dealing with it. I guess that too probably uses root access to create bootable back-ups, so maybe it was one of those.
Should I do a complete clean system re-install, do you think?
Ah, thanks very much Signinstranger. As always the Lit & Lat forum shows itself to be a repository of the most useful information and inhabited by the most knowledgeable and helpful members.
