• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Running EUID as root
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Running EUID as root

  • Subject: Re: Running EUID as root
  • From: Eric Peyton <email@hidden>
  • Date: Tue, 21 Aug 2001 10:43:43 -0500
On Tuesday, August 21, 2001, at 09:27 AM, Peter Sichel wrote:

The description below is helpful, but begs the question how do
typical end users install your application as SUID root?

Typical end users shouldn't be installing setuid(root) applications. Unless I know or trust the author very well, a setuid(root) application in my mind is insecure and untrustworthy. Why exactly does your application need root access? What does user access to the networking stacks not provide?

However, I do understand the needs for some types of applications to be run as root (dubious as some of those needs are :-) ). Monitors, UI hacks, etc. all need root access.

The only installer that I know of that can install setuid(root) applications is the apple installer.


Ideally, I want to support drag and drop install.

Don't we all. If that is what you want, then you will need to use the authorization framework to run a tool that will promote your application to setuid(root) status, and then require the user to restart the application. I have never tried this, but it should work. As I see from your comments below, we think alike :-)



I've written a simple unix tool called "IPNetMonitorAuthorize"
that sets my app to be SUID root by doing:

Cool.



chmod 4777 path-to-my-tool/IPNetMonitorX
chown root path-to-my-tool/IPNetMonitorX

I've tested that it works from the terminal.
That is, before running my tool

"ls -l"
-rwxr-xr-x 1 psichel wheel 794740 Aug 21 10:02 IPNetMonitorX

Running the tool without privileges fails:

../Resources/IPNetMonitorAuthorize
chown: ../macos/IPNetMonitorX: Operation not permitted

and with privileges works as follows [SUID bit set, owner is root]:

sudo ../Resources/IPNetMonitorAuthorize
ls -l
-rwsrwxrwx 1 root wheel 794740 Aug 21 10:02 IPNetMonitorX

When my app starts up, I use the Security Framework to check if
I'm already authorized,

Why don't you check if the app is setuid(root) instead?

and if not to AuthorizationExecuteWithPrivileges
IPNetMonitorAuthorize. My plan is to check if I'm authorized, and if
not authorize myself, quit the app, and relaunch it. This only
needs to happen once when my applications bundle is copied
to a new location.

I've encountered two problems:
(1) When I AuthorizationExecuteWithPrivileges IPNetMonitorAuthorize
it sets the SUID bit, but chown root fails (the owner doesn't
change). Any idea why?

No, but my suspicion is that ...

Does my tool need to raise the EUID
first?

You should try this :-)

Does AuthorizationExecuteWithPrivileges really execute
my tool as root?

The Security Server is running as root, and it executes your application itself. I'm not sure if the security server is part of Darwin so I don't know if you can look at the code and see how it executes your tool.

The result code says it succeeded, and the
Security Framework reports my app is authorized.

(2) The Security Framework always reports my app is not authorized
until it collects a username and password even if my app is
already SUID root.

Yes, that is correct.

What exactly does authorizing with the
Security Framework do that is different from being EUID root?

What's the Macintosh way to deliver an end user application
that needs to run as root?

Since the Macintosh traditionally never had this issue, we are treading new waters here. We are *defining* the "Macintosh way to deliver and end user application that needs to run as root". Welcome to the bleeding edge :-)

Eric

Any pointers would be much appreciated.

- Peter


At 8:19 AM -0500 8/21/01, Eric Peyton wrote:
You cannot change an application that is not setuid(root) or run by root from the euid of an arbitrary user to the euid of root. The MacOSX underlying BSD/kernel implementation prevents it. A user application can NEVER become root. You will either need to ...

a) install your application setuid(root)
b) teach your users how to run your application as root
c) encapsulate your pcap code in a unix tool that is setuid(root) and communicate back with the main app in some manner
c) encapsulate your pcap code in a unix tool that is run from your main application and could be launched with ApplicationExecuteWithPrivileges() and communicates back with the main app in some manner.

There are a number of
examples of using the Security Framework to
AuthorizeExecuteWithPrivileges() another progam (e.g., at Stepwise), but
I want my own process to run in root mode.

-- _______________________________________________
cocoa-dev mailing list
email@hidden
http://www.lists.apple.com/mailman/listinfo/cocoa-dev

References: 
 >Re: Running EUID as root (From: Peter Sichel <email@hidden>)

  • Prev by Date: Re: Running EUID as root
  • Next by Date: .jpg image icon
  • Previous by thread: Re: Running EUID as root
  • Next by thread: .jpg image icon
  • Index(es):
    • Date
    • Thread