Mailing Lists: Apple Mailing Lists


Can Privileged tool link to a framework? (MoreAuthSample)



I'm writing an app which sometimes needs root privileges to read and write
files.  I have previously implemented another tool based on MoreAuthSample,
so I'm trying to use this same structure.

My new tool is quite a heavy lifter, however, and it links in a couple of my
private frameworks.  These frameworks are also used by my main application,
and are therefore in MyApp.app/Contents/Frameworks.

Following MoreAuthSample, my app's bundle has a "Template" copy of the tool
in MyApp.app/Contents/MacOS, but this is not what runs.  As we know, the
MoreAuthSample code makes a copy of my tool into ~/Library/Application
Support/MyApp/ and runs that copy instead.  As of now, this tool won't work
because dyld cannot find the required frameworks at the expected relative
path @executable_path/../Frameworks/.

Well, since dyld has no idea where it is relative to my application bundle,
the only solution I can think of is to require Installer to install my
frameworks some place with an absolute path, such as /Library/Frameworks or
~/Library/Frameworks.  But I read in ReadMeAboutMoreAuthSample.html that one
of the motivations for MoreAuthSample is that "a Mac OS X application should
be self-contained, that is, it should be drag installable and not require
the user to run an installer".

So, it looks like maybe I've painted myself into a corner with my poor
understanding of MoreAuthSample.  What am I doing wrong?  Is it OK to have a
tool running with privileges that links to external frameworks?

Jerry Krinock


For "extra credit", as Quinn The Eskimo says in his readme, if someone
really wants to be nice they could explain to me some of the Many Mysteries
of MoreAuthSample...

I'm not sure I understand why we need to make a copy of the tool and run the
copy.  I think that maybe it is because we make it setuid root after we copy
it.  Is that the (only) reason?

Supposedly, the following reasons quoted from
ReadMeAboutMoreAuthSample.html explain why MoreAuthSample is "complex".

>  You need to use a working helper tool and a backup helper tool
>  because of the problems in the Mac OS X Finder:
>
>     In Mac OS X 10.0.x, the Finder will silently drop the setuid root
>         attribute of a helper program within your bundle.
>     In Mac OS X 10.1.x, the Finder will not copy the setuid root helper
>         program within your bundle (and display a cryptic error dialog).
>     In Mac OS X 10.2.x, the Finder will refuse to copy an application
>         that contains a setuid root helper tool.

Comment: Since my app requires 10.3 or later, the above do not apply
         to me.  Is that correct, or are there "problems" in 10.3 and
         10.4 which did not exist at the time the above was written?

>  It's a general requirement that a Mac OS X application should be
>       self-contained, that is, it should be drag installable and not
>       require the user to run an installer.

Comment: That's nice.  So, what's that got to do with MoreAuthSample?

>  It's a general requirement that a Mac OS X application be runnable
>       from a read-only volume (like a CD-ROM).  Thus, you can't place
>       the helper tool within the application bundle because copying it
>       there would require the volume be writable.

Comment: That makes no sense whatsoever to me.  If we ship the app on a
CD-ROM, we write the helper tool into the bundle and burn the CD.  Of
course it's not writable after that.  So, what?

>  Users can choose to ignore ownership on a particular volume by
>       checking a checkbox in the Finder Get Info window.  A setuid
>       root program on a volume that's ignoring privileges will
>       not be effective (it won't run as EUID 0).

Comment: Well, first of all I just did a Get Info on both my hard drive
root and my Home folder, and I see no such checkbox in the Tiger Finder.
Regarding the second sentence, this implies that we are explaining why
MoreAuthSample wants to NOT use a setuid root program.  Is that the
point here?

>  The user's home directory could be on a volume format, such as NFS,
>       that does not support setuid root programs.

Comment: Well, since the tool is copied to and runs from:
~/Library/Application Support/MyApp/, I guess this is further
explanation of why MoreAuthSample does NOT "simply" use a setuid root
program.  Is that the idea?

Finally, from reading MoreSec.c, it appears that we look for the tool in a
number of places, but we only write it to ~/Library/Application
Support/MyApp/.  How would it get anyplace else?
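
The conditions the quoted readme lists (a setuid root attribute lost during a copy, a volume on which setuid is not honoured) can be tested before a helper copy is relied on. The C check below is an added example, not part of the original post and not MoreAuthSample code; `helper_problems` and `check_helper` are hypothetical names, and treating the POSIX `ST_NOSUID` mount flag as the signal for a volume that ignores setuid is an assumption.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <sys/stat.h>
#include <sys/statvfs.h>
#include <sys/types.h>

/* Reasons a setuid root helper copy would not be effective or safe. */
enum {
    HELPER_NOT_SETUID    = 1 << 0, /* setuid bit missing (e.g. dropped by a copy) */
    HELPER_NOT_ROOT      = 1 << 1, /* file is not owned by uid 0 */
    HELPER_NOSUID_VOLUME = 1 << 2, /* volume mounted so that setuid is ignored */
    HELPER_WRITABLE      = 1 << 3  /* group or other could replace the binary */
};

/* Pure check on already-collected metadata, so it can be tested offline. */
int helper_problems(mode_t mode, uid_t owner, unsigned long mount_flags)
{
    int problems = 0;
    if (!S_ISREG(mode) || !(mode & S_ISUID)) problems |= HELPER_NOT_SETUID;
    if (owner != 0)                          problems |= HELPER_NOT_ROOT;
    if (mount_flags & ST_NOSUID)             problems |= HELPER_NOSUID_VOLUME;
    if (mode & (S_IWGRP | S_IWOTH))          problems |= HELPER_WRITABLE;
    return problems;
}

/* Returns a bitmask of problems, or -1 if the file cannot be examined. */
int check_helper(const char *path)
{
    struct stat st;
    struct statvfs vfs;
    /* lstat: a symlink sitting where the helper should be must not pass. */
    if (lstat(path, &st) != 0 || statvfs(path, &vfs) != 0)
        return -1;
    return helper_problems(st.st_mode, st.st_uid, vfs.f_flag);
}

int main(int argc, char **argv)
{
    if (argc < 2) { fprintf(stderr, "usage: %s <helper-path>\n", argv[0]); return 2; }
    int p = check_helper(argv[1]);
    if (p < 0) { perror(argv[1]); return 2; }
    printf("%s: problems=0x%x%s\n", argv[1], p, p ? "" : " (setuid root, honoured)");
    return p != 0;
}
```
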



Apple-cdsa mailing list      (email@hidden)