Re: Authorization without permanent setuid on helper
Re: Authorization without permanent setuid on helper
- Subject: Re: Authorization without permanent setuid on helper
- From: Finlay Dobbie <email@hidden>
- Date: Thu, 20 Jan 2005 20:12:11 +0000
On 20 Jan 2005, at 19:50, Bob Ippolito wrote:
On Jan 20, 2005, at 12:19, Finlay Dobbie wrote:
On Thu, 20 Jan 2005 17:02:09 +0000, email@hidden
<email@hidden> wrote:
It seems to me that acquiring authorization rights every time a
self-restricted helper is invoked to perform a privileged operation
is bad security practice. My reasoning for that conclusion is that
the user will get into the habit of always entering the password, so
he/she might never know if a malicious helper app was substituted.
By limiting password entry to the first-run installation of the
helper, subsequent password requests should (with an accompanying
warning in the app documentation) set off a red flag in the user's
mind that something might be amiss. Does that sound about right?
Sounds just dandy. There's certainly a risk of users becoming too
accustomed to entering their admin password willy nilly.
Self-restriction is the way to go! :)
I don't know if that's the case for a multi-user system, though.
Wouldn't that tool be pre-authorized for *everyone*?
If your tool self-restricts correctly then that doesn't matter.
-- Finlay
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden