Re: Authorization without permanent setuid on helper
- Subject: Re: Authorization without permanent setuid on helper
- From: John Davidorff Pell <email@hidden>
- Date: Fri, 21 Jan 2005 16:41:24 -0800
On 20 Jan 2005, at 14:34, OL&L Lists wrote:
At 4:51 AM -0500 1/20/05, Bob Ippolito wrote:
On Jan 19, 2005, at 5:49 PM, email@hidden wrote:
Are there any security repercussions with always "double running" a
helper tool instead of setuid'ing its file on the first run? By
"double running" I mean running it from the main app, having it
authorize, and then having it run itself as setuid (essentially
following AuthSample but skipping the ownership and permission
changes on the file).
I know that it'll incur the overhead of an extra process every time,
but for the purpose I have in mind, efficiency is not an issue and
it would make the app more mobile (without leaving Application
Support garbage behind, as MoreAuthSample's approach would do).
I would have to say that this method sounds MORE secure than using
setuid, because you actually need to authenticate every time. Using
setuid is for convenience. Once the helper is setuid, it no longer
requires authorization to run as uid 0. If you don't want the helper
tool to be "pre-authorized", then you shouldn't setuid it.
-bob
Except that there are times when you do not want to annoy the user
with an authorization dialog - for example when performing a
privileged operation such as setting network preferences via some kind
of login/logout session scenario. In that case you want to use the
MoreAuthSample way so that the user isn't constantly annoyed with
authorization dialogs. Also, when using MIB to run your tool I think
it automatically uses setuid to make sure the tool is running as root.
-m
I very much do not like this. Personally, I would prefer to be prompted
every time that a root operation is performed. I go out of my way to
remove setuid binaries from my system. I think they are inappropriate.
If a user should be allowed to perform an operation, then they should
have permission to do so. They should not circumvent the permissions
model by using a setuid binary.
Then again, I'm a bit more informed about this sort of thing than the
average Mac user. :-/
JP
--
". . . Through the cold and darkness
we will look back on this day
and fall into oblivion.
Through a brilliance beyond twilight
we will rise again,
ready to face the dangers that befall on us . . ."