Re: Authorization without permanent setuid on helper
Re: Authorization without permanent setuid on helper
- Subject: Re: Authorization without permanent setuid on helper
- From: Bob Ippolito <email@hidden>
- Date: Thu, 20 Jan 2005 06:57:37 -0500
On Jan 20, 2005, at 6:43 AM, Finlay Dobbie wrote:
On Thu, 20 Jan 2005 04:51:34 -0500, Bob Ippolito <email@hidden>
wrote:
I would have to say that this method sounds MORE secure than using
setuid, because you actually need to authenticate every time. Using
setuid is for convenience. Once the helper is setuid, it no longer
requires authorization to run as uid 0. If you don't want the helper
tool to be "pre-authorized", then you shouldn't setuid it.
Actually, AuthorizationExecuteWIthPrivileges() is considered a
potential security hole, so having a self-restricted setuid tool is
regarded as more secure.
Yes, that's true. You need to be certain that the tool you are asking
it to execute is what you want it to be:
"This function poses a security concern because it will
indiscriminately run any tool or application, severely increasing the
security risk."
-bob
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden