Re: setuid to root App cannot compile NSAppleScript
- Subject: Re: setuid to root App cannot compile NSAppleScript
- From: OL&L Dev 2 <email@hidden>
- Date: Thu, 11 Dec 2003 19:36:37 -0800
Actually I just completed writing a setuid helper tool and app to
call it for a major client. It's a major, major undertaking and very
difficult. You need to read six separate Apple documents in order to
get the big picture.
It's pretty complicated. The privileged helper tool should be built
independently, then manually put inside the app's /Resources/MacOS
folder inside the app's bundle - and called from there.
Don't even think of attempting to write this without using Apple's
MoreIsBetter lib. You need that lib to easily call the tool and to
easily access SCF. Without it, it's a total nightmare.
You can get around the setuid bits problem on the helper tool file by
ignoring those bits and using MoreIsBetter to set and unset
privileged mode when calling the tool. If you are using the tool to
set System Prefs via SCF, then you will also need umask code to
prevent SCF from mangling the bits on preferences.xml (which will
render it unreadable by System Preferences.app - nice, eh?).
I am available for hire immediately to write setuid privileged helper
tools for anyone who needs one.
James
At 8:57 AM -0800 12/11/03, Dave Camp wrote:
The "normal" security model on OS X would be for your app to run
unprivileged and use the Security Framework to authenticate the user and
execute a sub-process that only performed the part of the operation
that requires elevated privileges. The Security Framework has
several code examples and the documentation describes the pros and
cons of the various ways of executing code with elevated privileges.
That said, I'm still not sure that solves your problem for a few reasons:
- Security Framework might still refuse to run an AppleScript with
elevated privileges. I don't know.
- Running an AppleScript as root that tells the Finder to copy a
file will not result in the Finder having any extra privileges. The
Finder is still owned by the current user.
- I would still think a root owned AppleScript would be a major
security hole. It's not been my experience that AppleScripts always
behave as intended. Last thing you want is one running as root and
trashing the machine...
A better solution would be to just write a small tool to do the file
copy and use the methods outlined in the Security Framework
documentation to have your app execute it. Without looking at the
docs, I think the correct sequence is: app authenticates the user,
app launches task and passes the security token, task validates the
security token, task self repairs if needed (suid root), task
performs requested operation.
Keep in mind that when root copies the file, it will then be owned
by root, so you will have to restore the user, group, and
permissions that you want (I think).
Dave
On Dec 11, 2003, at 8:36 AM, Lorenzo wrote:
I want to do that because my application copies some files, maintaining the
original ownership and permissions. And in MacOS X only the root user can
copy a file maintaining the original ownership and permissions.
The AppleScript comes in very useful because before the copy the user can tell
the Finder to close his own active applications and the documents to copy,
so the copy can go well.
So currently the user launches the application and authenticates himself to
run it with the root privileges, then he starts an action which includes the
copy of some files (and the AppleScript should fire before the copy). But
the AppleScript doesn't compile. The user authenticated himself.
At least I would like to compile and execute the AS as simple user.
So, how to go out from the root privileges status (getuid != 0) in a while?
Best Regards
--
Lorenzo
email: email@hidden
From: Dave Camp <email@hidden>
Date: Thu, 11 Dec 2003 08:12:21 -0800
To: Lorenzo <email@hidden>
Cc: email@hidden
Subject: Re: setuid to root App cannot compile NSAppleScript
I would expect that trying to run an AppleScript as root would be a
major security violation.
Why do you want to do that?
Dave
On Dec 11, 2003, at 1:35 AM, Lorenzo wrote:
Hi list,
I use to make my application run an AppleScript like this:
----------------
tell application "Finder"
beep
end tell
----------------
If I login on my machine as simple user (administrator), it works fine.
If I login on my machine as "root" user, it works fine.
If I login on my machine as simple user (administrator), and I run my
application with setuid = 0 - that is with root privileges -
the AppleScript doesn't compile. It returns the error -2709.
I do this:
as = [[[NSAppleScript alloc] initWithSource:asText] autorelease];
ok = [as compileAndReturnError:&asError];
What should I do in order to fix the problem?
Thank you.
Best Regards
--
Lorenzo
email: email@hidden
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.