Re: setuid to root App cannot compile NSAppleScript
Re: setuid to root App cannot compile NSAppleScript
- Subject: Re: setuid to root App cannot compile NSAppleScript
- From: Dave Camp <email@hidden>
- Date: Thu, 11 Dec 2003 08:57:33 -0800
The "normal" security model on OS X would be for your app to run
unprivileged and use the Security Framework to authenticate the user
execute a sub-process that only performed the part of the operation
that requires elevated privileges. The Security Framework has several
code examples and the documentation describes the pros and cons of the
various ways of executing code with elevated privileges.
That said, I'm still not sure that solves your problem for a few
reasons:
- Security Framework might still refuse to run an AppleScript with
elevated privileges. I don't know.
- Running an AppleScript as root that tells the Finder to copy a file
will not result in the Finder having any extra privileges. The Finder
is still owned by the current user.
- I would still think a root owned AppleScript would be a major
security hole. It's not been my experience that AppleScripts always
behave as intended. Last thing you want is one running as root and
trashing the machine...
A better solution would be to just write a small tool to do the file
copy and use the methods outlined in the Security Framework
documentation to have your app execute it. Without looking at the docs,
I think the correct sequence is: app authenticates the user, app
launches task and passes the security token, task validates the
security token, task self repairs if needed (suid root), task performs
requested operation.
Keep in mind that when root copies the file, it will then be owned by
root, so you will have to restore the user, group, and permissions that
you want (I think).
Dave
On Dec 11, 2003, at 8:36 AM, Lorenzo wrote:
I want to do that because my application copys some file mantaining the
original ownership and permissions. And in MacOS X Only the root user
can
copy a file maintaining the original ownership and permissions.
The AppleScript come very useful because before the copy the user can
tell
the Finder to close his own active applications and the documents to
copy,
so the copy can go well.
So currently the user launchs the application and authenticates
himself to
run it with the root privileges, then he starts an action which
includes the
copy of some files (and the AppleScript should fire before the copy).
But
the AppleScript doesn't compile. The user authenticated himself.
At least I would like to compile and execute the AS as simple user.
So, how to go out from the root privileges status (getuid != 0) in a
while?
Best Regards
--
Lorenzo
email: email@hidden
From: Dave Camp <email@hidden>
Date: Thu, 11 Dec 2003 08:12:21 -0800
To: Lorenzo <email@hidden>
Cc: email@hidden
Subject: Re: setuid to root App cannot compile NSAppleScript
I would expect that trying to run an AppleScript as root would be a
major security violation.
Why do you want to do that?
Dave
On Dec 11, 2003, at 1:35 AM, Lorenzo wrote:
Hi list,
I use to make my application run an AppleScript like this:
----------------
tell application "Finder"
beep
end tell
----------------
If I login on my machine as simple user (administrator), it works
fine.
If I login on my machine as "root" user, it works fine.
If I login on my machine as simple user (administrator), and I run my
application with setuid = 0 - that is with root privileges -
the AppleScript doesn't compile. It returns the error -2709
I do this:
as = [[[NSAppleScript alloc] initWithSource:asText] autorelease];
ok = [as compileAndReturnError:&asError];
What should I do in order to fix the problem?
Thank you.
Best Regards
--
Lorenzo
email: email@hidden
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.