Greetings All
When you deal with networking on Mac OS X, you often have to run as root
(with your process's EUID equal to 0) in order to do certain things (bind
to low-numbered ports, send and receive pings, access raw Ethernet).
Apple's recommended approach for doing this is to factor your application
into the main application and a setuid root helper tool. In the past the
canonical technique for doing this was demonstrated by the AuthSample
sample code.
Over the past few months I've been rewriting AuthSample as MoreAuthSample.
The new code has a number of advantages.
o The bulk of MoreAuthSample is implemented in a code library,
MoreSecurity. You can reuse the common code as a whole and just
concentrate on the application-specific parts of your code.
o MoreAuthSample allows your application to pass a CFDictionary to the
helper tool, whereas AuthSample only allows you to pass a simple parameter
block. The AuthSample approach is more secure, but it is also much less
flexible.
o MoreAuthSample allows your application to receive a complex response
from the helper tool (a CFDictionary) while AuthSample only returns a
simple error code.
o MoreAuthSample stores its helper tool in the Application Support folder,
which fixes many of the real world problems encountered by users of
AuthSample.
You can download MoreAuthSample from the URL below.
<http://developer.apple.com/samplecode/Sample_Code/Security/MoreAuthSample.htm>
The sample includes extensive documentation. Please before it you use the
code.
I'm more than happy to discuss this code on this mailing list so, if you
have questions, feel free to ask them here.
S+E
--
Quinn "The Eskimo!" <http://www.apple.com/developer/>
Apple Developer Technical Support * Networking, Communications, Hardware
_______________________________________________
macnetworkprog mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/macnetworkprog
Do not post admin requests to the list. They will be ignored.
