• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Running EUID as root (was Re: libpcap in Cocoa)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Running EUID as root (was Re: libpcap in Cocoa)

  • Subject: Re: Running EUID as root (was Re: libpcap in Cocoa)
  • From: Eric Peyton <email@hidden>
  • Date: Tue, 21 Aug 2001 08:19:12 -0500
On Monday, August 20, 2001, at 10:52 PM, Todd Heberlein wrote:

From: Ivan Myrvold <email@hidden>

Yes, that got it through the compile and link cycle without
errors. Thank you for holding my hand through this!

Glad we could help.

Now if you can figure out how to open that pcap tap live (which requires
root privilege), I would love to hear about it.

If I set my program to be SUID root it works fine, but I cannot figure
out how to get the Security Framework to move my process running with my
effective UID into an effective UID of root.

You cannot change an application that is not setuid(root) or run by root from the euid of an arbitrary user to the euid of root. The MacOSX underlying BSD/kernel implementation prevents it. A user application can NEVER become root. You will either need to ...

a) install your application setuid(root)
b) teach your users how to run your application as root
c) encapsulate your pcap code in a unix tool that is setuid(root) and communicate back with the main app in some manner
c) encapsulate your pcap code in a unix tool that is run from your main application and could be launched with ApplicationExecuteWithPrivileges() and communicates back with the main app in some manner.


There are a number of
examples of using the Security Framework to
AuthorizeExecuteWithPrivileges() another progam (e.g., at Stepwise), but
I want my own process to run in root mode.

Then it needs to be installed in "root mode".



I have seen some interesting behavior during experiments. For example,
sometimes the program prompts me for my username and password, and
sometimes it doesn't. Is the system caching the results somewhere?

Yes, the security server caches the passwords and current authorizations for a specific period of time. In Mac OS X 10.0.x I do not believe there is a way to control this timeout. I also believe at some time in the future you will be able to configure this (along with who does and does not see the panels, etc. I do not know the time frame for this configurability.


Also, if I want to run EUID==root, should I enter root's username and
password, or should I use my own?

You can enter any name that will authorize, however your app will never run with EUID==root.

Eric



Any suggestions?

Todd
_______________________________________________
cocoa-dev mailing list
email@hidden
http://www.lists.apple.com/mailman/listinfo/cocoa-dev

  • Follow-Ups:
    • Re: Running EUID as root
      • From: Peter Sichel <email@hidden>
References: 
 >Running EUID as root (was Re: libpcap in Cocoa) (From: "Todd Heberlein" <email@hidden>)

  • Prev by Date: Re: Thanx for helping me! Another newbie question inside.
  • Next by Date: RE: Bug in NSString stringWithFormat (or sprintf)?
  • Previous by thread: Running EUID as root (was Re: libpcap in Cocoa)
  • Next by thread: Re: Running EUID as root
  • Index(es):
    • Date
    • Thread