Re: Authorization without permanent setuid on helper
Re: Authorization without permanent setuid on helper
- Subject: Re: Authorization without permanent setuid on helper
- From: Andrew Farmer <email@hidden>
- Date: Fri, 21 Jan 2005 21:46:44 -0800
On 21 Jan 2005, at 21:16, John Davidorff Pell wrote:
Actually, ps on Mac OS X works at about 90% without the setuid bit.
Try making a copy of it on your desktop, without the setuid bit set,
and run it. It will look identical to output from the on in /bin. Add
the flags "aux" and it will only fail to report about command line
arguments and certain stats for non-current-user processes.
Ah! I didn't know that - I thought that ps needed setuid to work at
all. Odd.
Also, I'd like to point out that the last 10% is missing only because
the BSD security model inherited from long ago is in need of some
updating. Certain kernel structures ought to be exposed to user-space,
such as most of what ps needs.
So write a kernel patch to create a procfs, or for process-listing
syscalls.
(Some of it ought to stay hidden tough, and ps shouldn't be apple to
report it to random users, such as command-line-args. There are some
apple-supplied tools that require your password specified on the
command line! I think some of the kerberos admin tools do, I forget
its been a while.)
Then those tools should be fixed. File a bug report.
Attachment:
PGP.sig
Description: This is a digitally signed message part
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden