Re: Get root privileges with NSTask
- Subject: Re: Get root privileges with NSTask
- From: Jean-Daniel Dupas <email@hidden>
- Date: Tue, 25 Mar 2008 14:19:55 +0100
If you didn't find anything useful in the Chris Hanson post and in the
link it provides, I'm not sure we can give you more help.
NSTask cannot launch an executable with more privilege than your
current task (except if it launches a setuid tool), and previous
responses already give you everything you have to know to perform a
privileged operation.
On 25 March 08, at 13:47, Mr. Gecko wrote:
I looked around there and found nothing useful.
Here is my code that I am trying to get root privileges with.
// Download the archive into / with curl (runs with the caller's privileges).
NSTask* download = [[NSTask alloc] init];
[download setLaunchPath:@"/usr/bin/curl"];
[download setCurrentDirectoryPath:@"/"];
[download setArguments: [NSArray arrayWithObjects:@"-O",@"http://www.imagemagick.org/download/binaries/ImageMagick-universal-apple-darwin8.11.0.tar.gz", nil]];
[download launch];
[download waitUntilExit];
// Unpack the archive in /.
NSTask* uncompress = [[NSTask alloc] init];
[uncompress setLaunchPath:@"/usr/bin/gnutar"];
[uncompress setCurrentDirectoryPath:@"/"];
[uncompress setArguments: [NSArray arrayWithObjects:@"-xzf",@"ImageMagick-universal-apple-darwin8.11.0.tar.gz", nil]];
[uncompress launch];
[uncompress waitUntilExit];
// Remove the downloaded archive.
NSTask* delete = [[NSTask alloc] init];
[delete setLaunchPath:@"/bin/rm"];
[delete setCurrentDirectoryPath:@"/"];
[delete setArguments: [NSArray arrayWithObjects:@"ImageMagick-universal-apple-darwin8.11.0.tar.gz", nil]];
[delete launch];
[delete waitUntilExit];
On Mar 24, 2008, at 10:18 PM, Michael Watson wrote:
Search the list. This comes up often.
<http://search.lists.apple.com/?q=root+privileges&cmd=Search!&ul=cocoa-dev>
When I say "it comes up often", I mean "this gets asked so often
that it actually was talked about yesterday". Chris Hanson posted
this:
(1) Use Authorization Services to create an authorization
reference for the right to unload your daemon.
(2) Use NSTask to run a setuid-root helper tool you've written
that can only unload your daemon.
(3) Pass the externalized form of the authorization reference from
#1 over a pipe to the task in #2.
(4) Verify in the task from #2 that the authorization reference
actually confers the appropriate right.
(5) Unload the daemon.
If the setuid helper tool isn't setuid-root,
AuthorizationExecuteWithPrivileges should be used to fix that from
within the tool itself -- in other words, the helper tool should
be self-repairing.
This is all described in "Performing Privileged Operations With
Authorization Services" at <http://developer.apple.com/documentation/Security/Conceptual/authorization_concepts/01introduction/chapter_1_section_1.html>.
Everyone who wants to perform privileged operations MUST read
and understand this document completely before attempting to write
code to do so, to preserve the security of their users' systems.
--
m-s
On 24 Mar, 2008, at 23:07, Mr. Gecko wrote:
Hello, I am needing to get root privileges with NSTask so my
program can install some items that will get downloaded from the
internet with curl. Is that possible? I know I can do that with
AppleScript.
Thanks for tips/help,
Mr. Gecko
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
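
The five steps quoted from Chris Hanson above, shown from both sides as an added example (not code from the thread or from Apple's document). The right name and helper path are hypothetical, and step (5) is left as a comment because the thread does not say how the daemon is unloaded.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Authorization.h>
#include <unistd.h>

static const char *kRight = "com.example.myapp.unload-daemon";        // hypothetical right name
static NSString *kHelper = @"/Library/PrivilegedHelperTools/unloadd"; // hypothetical setuid-root tool

// Both sides ask the same question: does this authorization confer kRight?
static OSStatus CheckRight(AuthorizationRef auth) {
    AuthorizationItem item = { kRight, 0, NULL, 0 };
    AuthorizationRights rights = { 1, &item };
    return AuthorizationCopyRights(auth, &rights, kAuthorizationEmptyEnvironment,
        kAuthorizationFlagInteractionAllowed | kAuthorizationFlagExtendRights, NULL);
}

// Application side, steps (1)-(3): obtain the right, externalize it, pipe it to the helper.
int RunHelper(void) {
    AuthorizationRef auth = NULL;
    AuthorizationExternalForm ext;
    if (AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment,
                            kAuthorizationFlagDefaults, &auth) != errAuthorizationSuccess) return -1;
    if (CheckRight(auth) != errAuthorizationSuccess ||
        AuthorizationMakeExternalForm(auth, &ext) != errAuthorizationSuccess) {
        AuthorizationFree(auth, kAuthorizationFlagDefaults);
        return -1;
    }
    NSPipe *pipe = [NSPipe pipe];
    NSTask *task = [[[NSTask alloc] init] autorelease]; // manual reference counting, as in the thread
    [task setLaunchPath:kHelper];
    [task setStandardInput:pipe];
    // The external form is 32 bytes and fits in the pipe buffer, so it can be queued before launch.
    [[pipe fileHandleForWriting] writeData:[NSData dataWithBytes:&ext length:sizeof(ext)]];
    [[pipe fileHandleForWriting] closeFile];
    [task launch];
    [task waitUntilExit];
    AuthorizationFree(auth, kAuthorizationFlagDefaults);
    return [task terminationStatus];
}

// Helper side, steps (4)-(5): this is the body of the setuid-root tool's main().
int HelperMain(void) {
    AuthorizationExternalForm ext; AuthorizationRef auth = NULL;
    size_t got = 0; ssize_t n;
    while (got < sizeof(ext) && (n = read(STDIN_FILENO, (char *)&ext + got, sizeof(ext) - got)) > 0) got += n;
    if (got != sizeof(ext)) return 1;                  // short or failed read: refuse
    if (AuthorizationCreateFromExternalForm(&ext, &auth) != errAuthorizationSuccess) return 1;
    OSStatus st = CheckRight(auth);                    // re-verify as root; never trust the caller
    AuthorizationFree(auth, kAuthorizationFlagDefaults);
    if (st != errAuthorizationSuccess) return 1;       // right not conferred: do nothing
    // Step (5): perform the one fixed operation here; accept no paths or commands from the caller.
    return 0;
}
```

The helper re-runs the rights check itself because anyone on the system can execute a setuid-root binary directly, without going through the application.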