• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: How to embed framework in app with setuid helper
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How to embed framework in app with setuid helper

  • Subject: Re: How to embed framework in app with setuid helper
  • From: Bill Cheeseman <email@hidden>
  • Date: Mon, 17 Sep 2007 18:17:53 -0400
  • Thread-topic: How to embed framework in app with setuid helper
on 2007-09-16 5:27 AM, Bill Cheeseman at email@hidden wrote:

> on 2007-09-15 8:00 PM, Bill Cheeseman at email@hidden wrote:
>
>> The setuid tool is
>> embedded in the framework for the sole purpose of running the accessibility
>> API AXMakeProcessTrusted() function, which must run as root, to make the
>> main application's executable "trusted".
>
> I misspoke. The setuid tool is embedded in the application, not the
> framework.

I have a confirmed diagnosis, but no cure.

It turns out that this problem is the result of an interaction between the
Accessiblity API's AXMakeProcessTrusted() function and dyld.

My application makes its executable "trusted" by the Accessibility API. It
does this by running an embedded setuid tool as root. The setuid tool runs
AXMakeProcessTrusted() against my main application executable. My
investigations have confirmed that AXMakeProcessTrusted() works by changing
my application executable's gid to "accessibility". I relaunch my
application by using another embedded tool to call -[NSWorkspace
launchApplication:]. This Cocoa method apparently calls execve(), which
eventually calls issetugid() when dyld tries to load my embedded framework.
The issetugid() function returns 1 when it sees that the executable's gid
has been changed, and dyld kills the app in mid-relaunch for security
reasons when it sees that the framework is embedded.

If I've got this right, it means that AXMakeProcessTrusted() can't be used
with any application that has embedded frameworks, unless I'm willing to
tell the user to relaunch my app from the Finder manually instead of
relaunching it for my user automatically. (Unless I can figure out how to
relaunch my app using AppleScript, or using the same Cocoa method or
execve() and divorcing the relaunched process from its launching parent
process by fiddling with the environment.)

Any feedback or suggestions about how to do this would be much appreciated.
Since it turns out that this is an accessibility issue, I'll inquire on the
accessibility list, too.

--

Bill Cheeseman - email@hidden
Quechee Software, Quechee, Vermont, USA
www.quecheesoftware.com

PreFab Software - www.prefabsoftware.com


_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: How to embed framework in app with setuid helper
      • From: Ricky Sharp <email@hidden>
References: 
 >Re: How to embed framework in app with setuid helper (From: Bill Cheeseman <email@hidden>)

  • Prev by Date: Re: method confusion
  • Next by Date: Re: How to embed framework in app with setuid helper
  • Previous by thread: Re: How to embed framework in app with setuid helper
  • Next by thread: Re: How to embed framework in app with setuid helper
  • Index(es):
    • Date
    • Thread