• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Authorization without permanent setuid on helper
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Authorization without permanent setuid on helper

  • Subject: Re: Authorization without permanent setuid on helper
  • From: OL&L Lists <email@hidden>
  • Date: Fri, 21 Jan 2005 18:16:52 -0800
At 1:11 AM +0000 1/22/05, Finlay Dobbie wrote: 
On Fri, 21 Jan 2005 16:41:24 -0800, John Davidorff Pell
<email@hidden> wrote:

 I very much do not like this. Personally, I would prefer to be prompted
 every time that a root operation is performed. I go out of my way to
 remove setuid binaries from my system. I think they are inappropriate.
 If a user should be allowed to perform an operation, then they should
 have permission to do so. They should not circumvent the permissions
 model by using a setuid binary.


You'd like to be prompted to authenticate to get a process list? To
change your network preferences? To change your date/time? Wow, you
must like pain, and I have to say I'm in favour of getting stuff done
rather than pointless bureaucracy  :-)

The fundamental problem here is that the UNIX security model is
outdated and inflexible. Some things require root privs when they're
relatively innocuous. It's for developers to make informed and
educated decisions as to how to expose this stuff to the user, which
is sometimes not easy. While I certainly don't trust every random
developer on the platform, I don't see any viable alternative.

-- Finlay

How about the alternative of doing it the way Apple recommends since they wrote the OS and have thought out such issues?

I think that is far better than every random developer implementing his or her own way of doing security and then we wind up with a ton of software in which the security model varies from one product to the next. Talk about a nightmare for an administrator.

Michael
Orbital Launch & Lift, Inc.
http://www.orbitallaunch.com
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden






References: 


 >Re: Authorization without permanent setuid on helper (From: Bob Ippolito <email@hidden>)


 >Re: Authorization without permanent setuid on helper (From: John Davidorff Pell <email@hidden>)


 >Re: Authorization without permanent setuid on helper (From: Finlay Dobbie <email@hidden>)






    

  • Prev by Date:
Re: Authorization without permanent setuid on helper

    • 

  • Next by Date:
[Moderator] Re: Authorization without permanent setuid on helper

    • 

  • Previous by thread:
Re: Authorization without permanent setuid on helper

    • 

  • Next by thread:
Re: Authorization without permanent setuid on helper

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •