Re: Authorization without permanent setuid on helper
Re: Authorization without permanent setuid on helper
- Subject: Re: Authorization without permanent setuid on helper
- From: OL&L Lists <email@hidden>
- Date: Thu, 20 Jan 2005 14:34:11 -0800
At 4:51 AM -0500 1/20/05, Bob Ippolito wrote:
On Jan 19, 2005, at 5:49 PM, email@hidden wrote:
Are there any security repercussions with always "double running" a
helper tool instead of setuid'ing its file on the first run? By
"double running" I mean running it from the main app, having it
authorize, and then having it run itself as setuid (essentially
following AuthSample but skipping the ownership and permission
changes on the file).
I know that it'll incur the overhead of an extra process every
time, but for the purpose I have in mind, efficiency is not an
issue and it would make the app more mobile (without leaving
Application Support garbage behind, as MoreAuthSample's approach
would do).
I would have to say that this method sounds MORE secure than using
setuid, because you actually need to authenticate every time. Using
setuid is for convenience. Once the helper is setuid, it no longer
requires authorization to run as uid 0. If you don't want the helper
tool to be "pre-authorized", then you shouldn't setuid it.
-bob
Except that there are times when you do not want to annoy the user
with an authorization dialog - for example when performing a
privileged operation such as setting network preferences via some
kind of login/logout session scenario. In that case you want to use
the MoreAuthSample way so that the user isn't constantly annoyed with
authorization dialogs. Also, when using MIB to run your tool I think
it automatically uses setuid to make sure the tool is running as root.
-m
============
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden