Re: Authorization Question (Possibly a simple POSIX question?)
- Subject: Re: Authorization Question (Possibly a simple POSIX question?)
- From: Jean-Daniel Dupas <email@hidden>
- Date: Fri, 21 Aug 2009 19:20:40 +0200
On 21 August 2009 at 18:55, Todd Heberlein wrote:
I don't understand how the app is allowed to use that file descriptor
to read the file's contents.
It's a general UNIX thing. If you have a book on UNIX interprocess
communications, you can probably find some details in it. And as
others have pointed out, permissions are checked at the time of the
initial open only.
but how can another process just start using that descriptor? Is it
because it's the parent process?
I am pretty sure your helper tool's parent process is actually the
launchd process which is owned by root.
The app only preauthorized some arbitrary right, it didn't actually
get any privileges to open and read a protected file.
Authorization in MacOS X is a little difficult for me to get my head
around, but here is what I think is happening. When you authorize or
preauthorize, you can have those authorization rights credentials
stick around for a specified period of time. This authorization
credential cache is global, so other processes can look into it.
Then later when another process (i.e., your HelperTool) needs
authorization to do something, like opening the file, it first
checks the cache to see if you already have the credential. If so,
it doesn't bother to prompt you again to access your password.
My understanding is that you have to serialize and pass the credential
to the helper tool, not that it is stored in a global cache, but I may
be wrong.
One reason to preauthorize in your Cocoa app is simply to prevent
your code from launching the helper tool if you aren't going to be
able to provide the right information (i.e., password) in the first
place.