Re: Authorization without permanent setuid on helper
- Subject: Re: Authorization without permanent setuid on helper
- From: Finlay Dobbie <email@hidden>
- Date: Sat, 22 Jan 2005 11:10:16 +0000
On Fri, 21 Jan 2005 20:48:25 -0800, John Davidorff Pell
<email@hidden> wrote:
> There is no need to be root to get a process list and there is no
> reason to change the date or time often. I would rather be asked (more
> like notified) if someone is trying to change my system clock, to use
> your example. The one time that I set the clock after install, putting
> in my password is absolutely acceptable.
I'm not sure that the process list thing has always been the case, but
perhaps it was a poor example.
> You seem to have a very static idea of the "UNIX security model".
OK, would you prefer I said "The security model employed by Mac OS X's
BSD layer"?
> I would be happy so long as all possible effort is made to avoid
> running something as root. If it is required to use some feature of
> your program, and I as a user want that feature, then obviously I'll
> live with a process running as root.
Well, duh. That's what setuid tools do. They factor out the LITTLE BIT
OF THE PROGRAM that needs to run as root into a setuid tool, which
then refuses to operate unless a valid authorization reference has
been passed in. Depending on the user's privileges (and the right
you're authorizing against) they could already be pre-authorized based
on their membership of the admin group or whatever.
Personally, I like System Preferences not requiring me to authenticate
if I'm an admin user - I've already authenticated the fact that I have
the credentials to perform the operations.
Anyway, I'm just saying that your assertion, implied or otherwise,
that nothing ever needs to run as root and anything that should run as
root should need your explicit permission to do so is one that I
disagree with.
By the way, what about StartupItems and kernel extensions? Should you
have to authorize every single one of those at boot by typing your
password? They certainly get super-user privs by default.
Or should you just have to do it once, at installation? Sounds more sane to me.
-- Finlay
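
The pattern described in the message above, a small setuid tool that refuses to operate unless a valid authorization reference has been passed in, as an added example that is not part of the original post or any project's code. It assumes the caller pipes the reference's 32-byte external form to the helper on stdin; the right name `com.example.helper.settime` and the function `helper_authorize` are hypothetical, and on a platform without Authorization Services the helper simply refuses.

```c
/* Added example: privileged helper that fails closed unless the caller
 * supplies a valid authorization reference for one specific right. */
#include <stdio.h>
#include <string.h>
#ifdef __APPLE__
#include <Security/Authorization.h>
#define EXT_FORM_LEN kAuthorizationExternalFormLength
#else
#define EXT_FORM_LEN 32  /* size of an AuthorizationExternalForm */
#endif

#define HELPER_RIGHT "com.example.helper.settime"  /* hypothetical right name */

/* Returns 0 only if blob is an external-form authorization reference that
 * grants `right`; every other outcome is a refusal (-1). */
int helper_authorize(const unsigned char *blob, size_t len, const char *right)
{
    if (blob == NULL || right == NULL || len != (size_t)EXT_FORM_LEN)
        return -1;
#ifdef __APPLE__
    AuthorizationExternalForm ext;
    AuthorizationRef ref = NULL;
    memcpy(ext.bytes, blob, sizeof ext.bytes);
    if (AuthorizationCreateFromExternalForm(&ext, &ref) != errAuthorizationSuccess)
        return -1;
    AuthorizationItem item = { right, 0, NULL, 0 };
    AuthorizationRights rights = { 1, &item };
    /* ExtendRights asks the system to grant the right if its rule allows;
     * InteractionAllowed permits a password prompt when one is needed. */
    OSStatus st = AuthorizationCopyRights(ref, &rights, kAuthorizationEmptyEnvironment,
        kAuthorizationFlagExtendRights | kAuthorizationFlagInteractionAllowed, NULL);
    AuthorizationFree(ref, kAuthorizationFlagDefaults);
    return st == errAuthorizationSuccess ? 0 : -1;
#else
    return -1;  /* no Authorization Services here: refuse rather than guess */
#endif
}

int main(void)
{
    unsigned char blob[EXT_FORM_LEN];
    size_t n = fread(blob, 1, sizeof blob, stdin);  /* caller pipes the reference in */
    if (helper_authorize(blob, n, HELPER_RIGHT) != 0) {
        fprintf(stderr, "helper: not authorized\n");
        return 1;
    }
    /* Only the one privileged operation belongs past this point. */
    return 0;
}
```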