Re: Authorization without permanent setuid on helper
Re: Authorization without permanent setuid on helper
- Subject: Re: Authorization without permanent setuid on helper
- From: OL&L Lists <email@hidden>
- Date: Thu, 20 Jan 2005 14:37:35 -0800
At 6:57 AM -0500 1/20/05, Bob Ippolito wrote:
On Jan 20, 2005, at 6:43 AM, Finlay Dobbie wrote:
On Thu, 20 Jan 2005 04:51:34 -0500, Bob Ippolito <email@hidden> wrote:
I would have to say that this method sounds MORE secure than using
setuid, because you actually need to authenticate every time. Using
setuid is for convenience. Once the helper is setuid, it no longer
requires authorization to run as uid 0. If you don't want the helper
tool to be "pre-authorized", then you shouldn't setuid it.
Actually, AuthorizationExecuteWIthPrivileges() is considered a
potential security hole, so having a self-restricted setuid tool is
regarded as more secure.
Yes, that's true. You need to be certain that the tool you are
asking it to execute is what you want it to be:
"This function poses a security concern because it will
indiscriminately run any tool or application, severely increasing
the security risk."
Yes and that is also why Apple recommends using MIB to execute your
tool - MIB requires the use of a "known good template" tool that MIB
can check against before running the tool in question - if the tool
to be run does not match the template, then MIB refuses to run it -
thus reducing the risk that a compromised tool can be run.
According to Apple, one should always use MIB to execute helper tools.
Michael
Orbital Launch & Lift, Inc.
http://www.orbitallaunch.com
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden