Lists

Terms and Conditions
Lists hosted on this site
Email the Postmaster
Tips for posting to public mailing lists

Re: Authorization without permanent setuid on helper

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Authorization without permanent setuid on helper

Subject: Re: Authorization without permanent setuid on helper
From: Finlay Dobbie <email@hidden>
Date: Thu, 20 Jan 2005 11:43:13 +0000

On Thu, 20 Jan 2005 04:51:34 -0500, Bob Ippolito <email@hidden> wrote:
> I would have to say that this method sounds MORE secure than using
> setuid, because you actually need to authenticate every time. Using
> setuid is for convenience. Once the helper is setuid, it no longer
> requires authorization to run as uid 0. If you don't want the helper
> tool to be "pre-authorized", then you shouldn't setuid it.

Actually, AuthorizationExecuteWIthPrivileges() is considered a
potential security hole, so having a self-restricted setuid tool is
regarded as more secure.

 -- Finlay
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

Follow-Ups:
- Re: Authorization without permanent setuid on helper
  - From: Bob Ippolito <email@hidden>

References:
	>Authorization without permanent setuid on helper (From: email@hidden)
	>Re: Authorization without permanent setuid on helper (From: Bob Ippolito <email@hidden>)

Prev by Date: Re: Why do "loose" nibs take precedence over nibs in .lproj?
Next by Date: Re: Novice question: How to catch button click event in Doc based app?
Previous by thread: Re: Authorization without permanent setuid on helper
Next by thread: Re: Authorization without permanent setuid on helper
Index(es):
- Date
- Thread