Security opinion needed
- Subject: Security opinion needed
- From: Michael Latta <email@hidden>
- Date: Sun, 4 Jan 2004 10:21:00 -0800

In looking at some security issues in our application I would like some
opinions from the list.

While the use of Cocoa or Carbon in a setuid app is verboten, what
about Foundation and Objective-C code? Some of the Objective-C runtime
issues could be a problem with any dynamic code (poseAs for example).
But without dynamic code loading would use of NSFile, NSDictionary, and
application-specific code be considered a problem?

While the helper tool model is recommended, it has an undesirable
aspect for us. You need to decide statically when privileges are
required. We would have rather had the option of only executing with
privileges when required dynamically. For example, when a non-admin
user is operating there should be no privileges active, and when the
admin user is running there should only be privileges when that user
directs the application to operate in privileged mode. It looks like
we would need 2 copies of the helper tools, one with setuid and one
without, so that we can operate in the desired mode. And this still
requires that we partition the work if a task can be mixed mode. Is
there any way to dynamically operate with privileged access to files?
We need to be able to read and create files with mixed ownership and
access.

Michael Latta