Re: Security framework question
Re: Security framework question
- Subject: Re: Security framework question
- From: Stéphane Sudre <email@hidden>
- Date: Wed, 11 Jul 2001 14:55:37 +0200
On mercredi, juillet 11, 2001, at 02:29 PM, Andreas Monitzer wrote:
On Wednesday, July 11, 2001, at 01:23 , Ed Silva wrote:
Well, after some digging I found that keeping a tool in the App bundle
isn'
t the only way to do it.
It turns out that if you make the application binary (ie:
MyApp.app/Contents/MacOS/MyApp) sutuid root it works just fine. The
way I figured this out was by looking at NetInfo Manager.app:
-rwsrwxr-x 1 root admin 175944 Jun 21 14:45 NetInfo Manager*
This seems much more reasonable to me than creating a separate tool to
do the job, but I wonder if there are security consequences.
Any thoughts (good or bad) on a setuid root app binary?
1. It's a big security risk
2. You have to use Apple's Installer to distribute the App, which can
cause many problems (like changed permissions somewhere, wiped
/Applications or something else)
About case 2, I've also read that there might be some problems. But I
haven't been able to see one after using Apple's Installer.
So what is really meant by "can cause" many problems ?