Re: Allow only root/admin users to execute the cocoa app
Re: Allow only root/admin users to execute the cocoa app
- Subject: Re: Allow only root/admin users to execute the cocoa app
- From: Jean-Daniel Dupas <email@hidden>
- Date: Mon, 25 Jan 2010 12:26:48 +0100
Le 25 janv. 2010 à 11:15, vincent habchi a écrit :
> Le 25 janv. 2010 à 10:43, Jean-Daniel Dupas a écrit :
>
>> So unless you think you know better than Apple what you're doing, never run an GUI application with privileges. Gwynne's anwser give you some reasons why this is bad.
>
> Je ne dis rien de tel ;)
>
Et je n'ai pas dis que tu l'avais fait ;-) C'est juste un conditionnel.
> Look at the text: the security measure does not concern executing AppKit as root, it concerns applications having a setuid or setgid bit set. This is plain right. It does not, however, concern Application launched by the superuser, either as root or su/sudo.
>
> I never meant I know things better than Apple: I understand the reasons, I don't say they are pointless - in fact I agree with most of them. I just wonder why, since I know at least two or three Unix/BSD/X11 applications that run under superuser privileges, and this has never raised a strong protest amidst security addicts. But I know MacOS is not Unix :)
>
> Pas de quoi s'énerver ! ;)
Sorry if my message sound rude, it was not my intend.
If you want a concrete example of why you should avoid this, search "Apple Remote Desktop Root Privilege Escalation" in Google.
-- Jean-Daniel
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden