Re: Running EUID as root
- Subject: Re: Running EUID as root
- From: Eric Peyton <email@hidden>
- Date: Tue, 21 Aug 2001 10:43:43 -0500
On Tuesday, August 21, 2001, at 09:27 AM, Peter Sichel wrote:

> The description below is helpful, but begs the question how do
> typical end users install your application as SUID root?

Typical end users shouldn't be installing setuid(root) applications.
Unless I know or trust the author very well, a setuid(root) application
in my mind is insecure and untrustworthy. Why exactly does your
application need root access? What does user access to the networking
stacks not provide?

However, I do understand the needs for some types of applications to be
run as root (dubious as some of those needs are :-) ). Monitors, UI
hacks, etc. all need root access.

The only installer that I know of that can install setuid(root)
applications is the Apple installer.

> Ideally, I want to support drag and drop install.

Don't we all. If that is what you want, then you will need to use the
authorization framework to run a tool that will promote your application
to setuid(root) status, and then require the user to restart the
application. I have never tried this, but it should work. As I see
from your comments below, we think alike :-)

> I've written a simple unix tool called "IPNetMonitorAuthorize"
> that sets my app to be SUID root by doing:

Cool.

>   chmod 4777 path-to-my-tool/IPNetMonitorX
>   chown root path-to-my-tool/IPNetMonitorX
>
> I've tested that it works from the terminal.
> That is, before running my tool
>   "ls -l"
>   -rwxr-xr-x 1 psichel wheel 794740 Aug 21 10:02 IPNetMonitorX
> Running the tool without privileges fails:
>   ../Resources/IPNetMonitorAuthorize
>   chown: ../macos/IPNetMonitorX: Operation not permitted
> and with privileges works as follows [SUID bit set, owner is root]:
>   sudo ../Resources/IPNetMonitorAuthorize
>   ls -l
>   -rwsrwxrwx 1 root wheel 794740 Aug 21 10:02 IPNetMonitorX
>
> When my app starts up, I use the Security Framework to check if
> I'm already authorized,

Why don't you check if the app is setuid(root) instead?

> and if not to AuthorizationExecuteWithPrivileges
> IPNetMonitorAuthorize. My plan is to check if I'm authorized, and if
> not authorize myself, quit the app, and relaunch it. This only
> needs to happen once when my applications bundle is copied
> to a new location.

> I've encountered two problems:
> (1) When I AuthorizationExecuteWithPrivileges IPNetMonitorAuthorize
> it sets the SUID bit, but chown root fails (the owner doesn't
> change). Any idea why?

No, but my suspicion is that ...

> Does my tool need to raise the EUID
> first?

You should try this :-)

> Does AuthorizationExecuteWithPrivileges really execute
> my tool as root?

The Security Server is running as root, and it executes your application
itself. I'm not sure if the security server is part of Darwin so I
don't know if you can look at the code and see how it executes your tool.

> The result code says it succeeded, and the
> Security Framework reports my app is authorized.
>
> (2) The Security Framework always reports my app is not authorized
> until it collects a username and password even if my app is
> already SUID root.

Yes, that is correct.

> What exactly does authorizing with the
> Security Framework do that is different from being EUID root?
>
> What's the Macintosh way to deliver an end user application
> that needs to run as root?

Since the Macintosh traditionally never had this issue, we are treading
new waters here. We are *defining* the "Macintosh way to deliver an
end user application that needs to run as root". Welcome to the
bleeding edge :-)

Eric

> Any pointers would be much appreciated.
>
> - Peter
>
> At 8:19 AM -0500 8/21/01, Eric Peyton wrote:
>> You cannot change an application that is not setuid(root) or run by
>> root from the euid of an arbitrary user to the euid of root. The
>> MacOSX underlying BSD/kernel implementation prevents it. A user
>> application can NEVER become root. You will either need to ...
>>
>> a) install your application setuid(root)
>> b) teach your users how to run your application as root
>> c) encapsulate your pcap code in a unix tool that is setuid(root) and
>> communicate back with the main app in some manner
>> d) encapsulate your pcap code in a unix tool that is run from your
>> main application and could be launched with
>> ApplicationExecuteWithPrivileges() and communicates back with the main
>> app in some manner.
>>
>>> There are a number of examples of using the Security Framework to
>>> AuthorizeExecuteWithPrivileges() another program (e.g., at Stepwise),
>>> but I want my own process to run in root mode.

-- _______________________________________________
cocoa-dev mailing list
email@hidden
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
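
Added example, not part of the original thread or either poster's code: a startup check along the lines of the suggestion above to test whether the binary is setuid(root), which also separates the three states seen in the thread's `ls -l` output and flags the group/world-writable mode that `chmod 4777` produces. The names `classify_suid`, `check_path` and the enum values are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

enum suid_state {
    SUID_NONE,          /* no setuid bit: runs with the caller's EUID */
    SUID_NOT_ROOT,      /* setuid bit set, owner not root (problem 1 in the thread) */
    SUID_ROOT_WRITABLE, /* setuid root, but group/other can write it (mode 4777) */
    SUID_ROOT_OK        /* setuid root, no group/other write permission */
};

/* Pure classification on mode and owner, so it can be exercised without root. */
enum suid_state classify_suid(mode_t mode, uid_t owner)
{
    if (!S_ISREG(mode) || !(mode & S_ISUID))
        return SUID_NONE;
    if (owner != 0)
        return SUID_NOT_ROOT;
    if (mode & (S_IWGRP | S_IWOTH))
        return SUID_ROOT_WRITABLE;
    return SUID_ROOT_OK;
}

/* lstat() so that a symlink placed at the path is not followed.
 * Returns an enum suid_state value, or -1 if the path cannot be examined. */
int check_path(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return -1;
    return (int)classify_suid(st.st_mode, st.st_uid);
}

int main(int argc, char **argv)
{
    static const char *names[] = {
        "not setuid", "setuid, but owner is not root",
        "setuid root and group/world-writable", "setuid root, not group/world-writable"
    };
    for (int i = 1; i < argc; i++) {
        int s = check_path(argv[i]);
        if (s < 0) perror(argv[i]);
        else printf("%s: %s\n", argv[i], names[s]);
    }
    return 0;
}
```

An installer or the application itself can treat anything other than the last state as "not correctly installed"; a helper installed with mode 4755 rather than 4777 reaches that state.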