Re: How to embed framework in app with setuid helper


  • Subject: Re: How to embed framework in app with setuid helper
  • From: Ricky Sharp <email@hidden>
  • Date: Mon, 17 Sep 2007 17:54:19 -0500


On Sep 17, 2007, at 5:17 PM, Bill Cheeseman wrote:

on 2007-09-16 5:27 AM, Bill Cheeseman at email@hidden wrote:

on 2007-09-15 8:00 PM, Bill Cheeseman at email@hidden wrote:

The setuid tool is
embedded in the framework for the sole purpose of running the accessibility
API AXMakeProcessTrusted() function, which must run as root, to make the
main application's executable "trusted".

I misspoke. The setuid tool is embedded in the application, not the framework.

I have a confirmed diagnosis, but no cure.

It turns out that this problem is the result of an interaction between the
Accessibility API's AXMakeProcessTrusted() function and dyld.


My application makes its executable "trusted" by the Accessibility API. It
does this by running an embedded setuid tool as root. The setuid tool runs
AXMakeProcessTrusted() against my main application executable. My
investigations have confirmed that AXMakeProcessTrusted() works by changing
my application executable's gid to "accessibility". I relaunch my
application by using another embedded tool to call -[NSWorkspace
launchApplication:]. This Cocoa method apparently calls execve(), which
eventually calls issetugid() when dyld tries to load my embedded framework.
The issetugid() function returns 1 when it sees that the executable's gid
has been changed, and dyld kills the app in mid-relaunch for security
reasons when it sees that the framework is embedded.


If I've got this right, it means that AXMakeProcessTrusted() can't be used
with any application that has embedded frameworks, unless I'm willing to
tell the user to relaunch my app from the Finder manually instead of
relaunching it for my user automatically. (Unless I can figure out how to
relaunch my app using AppleScript, or using the same Cocoa method or
execve() and divorcing the relaunched process from its launching parent
process by fiddling with the environment.)


Any feedback or suggestions about how to do this would be much appreciated.
Since it turns out that this is an accessibility issue, I'll inquire on the
accessibility list, too.

If you go with an AppleScript solution, the following technote may be useful since it deals with launching scripts that require admin privileges:


<http://developer.apple.com/technotes/tn2002/tn2065.html>


___________________________________________________________
Ricky A. Sharp         mailto:email@hidden
Instant Interactive(tm)   http://www.instantinteractive.com
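
A pre-release check for the condition described in this thread, as an added example that is not part of the original post or of Apple's tooling: it flags an app bundle whose executable carries setuid/setgid mode bits while Contents/Frameworks holds embedded frameworks. The function name `check_bundle` and its return codes are hypothetical, and the script assumes the gid change made by AXMakeProcessTrusted() shows up as a setgid mode bit on the executable.

```shell
#!/bin/sh
# Added example (not from the thread): detect the combination the post
# describes, a set-id main executable in a bundle that embeds frameworks.

# check_bundle APP_PATH
# Returns 0 if no conflict, 1 if a set-id executable coexists with
# embedded frameworks, 2 if APP_PATH has no Contents/MacOS directory.
check_bundle() {
    app=$1
    macos_dir="$app/Contents/MacOS"
    fw_dir="$app/Contents/Frameworks"
    [ -d "$macos_dir" ] || { echo "not an app bundle: $app" >&2; return 2; }

    # Does the bundle embed at least one framework?
    has_fw=0
    for fw in "$fw_dir"/*.framework; do
        [ -d "$fw" ] && { has_fw=1; break; }
    done

    status=0
    for exe in "$macos_dir"/*; do
        [ -f "$exe" ] && [ -x "$exe" ] || continue
        # -u / -g test the setuid / setgid mode bits (assumed to be what
        # makes issetugid() return 1 in the relaunched process).
        bits=""
        [ -u "$exe" ] && bits="setuid"
        [ -g "$exe" ] && bits="${bits:+$bits+}setgid"
        [ -n "$bits" ] || continue
        if [ "$has_fw" -eq 1 ]; then
            echo "CONFLICT: $exe is $bits and the bundle embeds frameworks"
            status=1
        else
            echo "note: $exe is $bits (no embedded frameworks found)"
        fi
    done
    return $status
}

# Usage: check_bundle /path/to/MyApp.app   (path is a placeholder)
```

Running it before and after the trust step shows whether the executable's mode changed, and so whether an automatic relaunch would hit the dyld behaviour reported above.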
