> Why does your tool need to run from the boot partition?
It does not. But it needs to run setuid root, and this seems not to
work on FireWire-non-boot-partitions.
Of course. Otherwise, I could take a FireWire drive, hook it up to my
Mac, put a tool on it, make it setuid root, then connect my drive to
your Mac and boom! Instance root access.
To clarify, removable volumes are mounted with "Ignore ownership on
this volume" ticked by default (in the Get Info window). This means
the actual user & group owners are ignored, both for reading and
writing. MacOS X sees to it that it appears that the user whom
mounted them (the console user, I presume) owns them, and changes to
the owner user or group are ignored.
You can certainly turn this check box off. But, obviously, you take
your security into your own hands when you do so. You need admin
privileges to turn it off though (standard authentication dialog), so
at least there's some protection against unwary users.
The status of this check box is preserved across mount sessions of
the given volume, although whether it's stored locally or on the
volume I don't know. I would really hope not the latter, for
security reasons, but from what I've quickly Googled I do in fact get
the impression this is the case. Anyone else got two machines handy
to test with?
P.S. You can't ignore ownership on the boot volume, obviously, so
booting from a removable drive will always run the associated risks.
I don't know if booting from removable volumes can be disabled.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/cocoa-dev/email@hidden
