• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Running process as root from Cocoa
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Running process as root from Cocoa

  • Subject: Re: Running process as root from Cocoa
  • From: Chris Suter <email@hidden>
  • Date: Tue, 29 Jan 2008 17:54:44 +1100

On 29/01/2008, at 5:27 PM, Kyle Sluder wrote:

On Jan 29, 2008 1:20 AM, Mitchell Hashimoto <email@hidden> wrote:
What do you mean I can't access the window server?

To be accurate, it works now, but will be disabled in the future. A
full explanation can be had here:
http://developer.apple.com/technotes/tn2005/ tn2083.html#SECWINDOWSERVER

Basically, it boils down to this: the window server advertises a
service.  But it also advertises a "global window server service" that
apps running as both root and the current console user can connect to.
This global service is going away, which means that apps running as
root will no longer be able to put up GUI.

I'm no expert on this, but I don't know that it's true that you won't be able to run a GUI application as root. Even after the global window server service has gone away, I believe you will still be able to run a process as root because processes will inherit a reference to a per- session bootstrap namespace—simply changing the user ID doesn't change this inheritance. In Terminal if you were to type:

su someone_else
./MyGUIApp/Contents/MacOS/MyGUIApp

You'll find it works, even though the user ID doesn't match the current session and isn't root.

The removal of the "global window server service" will affect processes that don't inherit a per-session bootstrap namespace, for example, SSH logins.

Anyway, having said all that, you still shouldn't really run a GUI app as root if you're concerned at all about security.

As I said, I'm no expert so I could be wrong on this.

- Chris

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: Running process as root from Cocoa
      • From: Torsten Curdt <email@hidden>
References: 
 >Running process as root from Cocoa (From: "Mitchell Hashimoto" <email@hidden>)
 >Re: Running process as root from Cocoa (From: Nir Soffer <email@hidden>)
 >Re: Running process as root from Cocoa (From: Bill Bumgarner <email@hidden>)
 >Re: Running process as root from Cocoa (From: "Mitchell Hashimoto" <email@hidden>)
 >Re: Running process as root from Cocoa (From: "Kyle Sluder" <email@hidden>)
 >Re: Running process as root from Cocoa (From: "Mitchell Hashimoto" <email@hidden>)
 >Re: Running process as root from Cocoa (From: "Kyle Sluder" <email@hidden>)
 >Re: Running process as root from Cocoa (From: "Mitchell Hashimoto" <email@hidden>)
 >Re: Running process as root from Cocoa (From: "Kyle Sluder" <email@hidden>)

  • Prev by Date: Re: keeping view's bounds fixed
  • Next by Date: Adjusting line spacing on a NSMutableString
  • Previous by thread: Re: Running process as root from Cocoa
  • Next by thread: Re: Running process as root from Cocoa
  • Index(es):
    • Date
    • Thread