Re: Setting the Environment with AuthorizationExecuteWithPrivileges
Re: Setting the Environment with AuthorizationExecuteWithPrivileges
- Subject: Re: Setting the Environment with AuthorizationExecuteWithPrivileges
- From: Finlay Dobbie <email@hidden>
- Date: Mon, 2 Jul 2001 20:58:08 +0100
On Monday, July 2, 2001, at 04:46 pm, Tommy Braas wrote:
Whenever you want to execute something in a secure environment the path
to the executable MUST be absolute. If not, well, a user might have an
application with the same name as the one you are trying to execute in
the path BEFORE your application. That application could potentially do
something bad to the system if run with extended privileges. Since this
poses a security problem it is no allowed.
You would probably want to try to resolve the path you get passed in to
something absolute. Since I don't know which environment you're working
in I can't give you any more pointers...
the trampoline probably also fork()s and runs execv() which takes a full
path, too.
-- Finlay