Re: Security framework question
- Subject: Re: Security framework question
- From: Ed Silva <email@hidden>
- Date: Wed, 11 Jul 2001 15:44:36 -0700
LOL! Okay I get the picture! I'll play nice, I promise. :-)

I still think having to create a separate tool for this functionality is
lame.

There must be some way of getting the system to grant extended privileges
to an app on a per-process basis. It has to be possible, because I can
think of all kinds of reasons why it would suck to have to always use a
separate tool to get things done... Hell, if IRIX can do this why not
Darwin?

In the meantime I'll be ripping out parts of my code to put in a tool...

On Wednesday, July 11, 2001, at 01:53 AM, Scott Anguish wrote:

> On Tuesday, July 10, 2001, at 07:23 PM, Ed Silva wrote:
>
>> It turns out that if you make the application binary (i.e.
>> MyApp.app/Contents/MacOS/MyApp) setuid root it works just fine. The way
>> I figured this out was by looking at NetInfo Manager.app:
>>
>> -rwsrwxr-x 1 root admin 175944 Jun 21 14:45 NetInfo Manager*
>>
>> This seems much more reasonable to me than creating a separate tool to
>> do the job, but I wonder if there are security consequences.
>
> It is very bad.. horribly bad... like, don't do it bad.
>
> If the app is setuid root, ANYTHING the app does will be done as
> root. Files saved, permissions for delete and everything else.
> Anything your app can do, or executes, is done as root.
>
> Terrible, horrible bad thing to do. The NetInfo Manager does it; it is a
> bit of a requirement for the app.
>
> There is no need to go this way, and use of your app will be
> extremely limited if you choose to go this way..
>
> Bad mojo.. very..
>
> Am I getting my concerns across? :-)

Cheers,
--Ed
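
The following is an added example, not part of the original thread: it decodes the mode field of the `ls -l` line quoted above and models which effective uid a process started from such a file runs with, as a basis for auditing app bundles for setuid-root binaries. The function names and the caller uid 501 used in comments are hypothetical; on a live system the mode and owner would come from `stat()` rather than from parsed `ls` output.

```c
#include <stddef.h>
#include <string.h>

#define MODE_SETUID 04000u
#define MODE_SETGID 02000u
#define MODE_STICKY 01000u

/* Decode the 9 permission characters of an `ls -l` mode field
 * (e.g. "-rwsrwxr-x") into octal mode bits. Returns -1 if malformed. */
long parse_ls_mode(const char *field)
{
    static const char plain[] = "rwxrwxrwx";
    static const unsigned special[3] = { MODE_SETUID, MODE_SETGID, MODE_STICKY };
    unsigned mode = 0;
    if (field == NULL || strlen(field) < 10)
        return -1;
    for (int i = 0; i < 9; i++) {
        char c = field[i + 1];               /* skip the file-type character */
        unsigned bit = 0400u >> i;           /* rwx bit for this position */
        int exec_slot = (i % 3 == 2);        /* only x slots carry s/S/t/T */
        char lo = (i == 8) ? 't' : 's', up = (i == 8) ? 'T' : 'S';
        if (c == plain[i])
            mode |= bit;
        else if (exec_slot && c == lo)       /* special bit plus execute */
            mode |= bit | special[i / 3];
        else if (exec_slot && c == up)       /* special bit without execute */
            mode |= special[i / 3];
        else if (c != '-')
            return -1;
    }
    return (long)mode;
}

/* Effective uid of a process when `caller` (e.g. constructed uid 501)
 * executes a binary with this mode and owner: the setuid bit swaps in the
 * owner's uid for the whole process (assumes a mount without nosuid). */
long euid_after_exec(long mode, long owner, long caller)
{
    return (mode & MODE_SETUID) ? owner : caller;
}

/* Audit rule: bit 0 = setuid and owned by root,
 * bit 1 = such a file is also writable by group or other. */
int audit_flags(long mode, long owner)
{
    int flags = ((mode & MODE_SETUID) && owner == 0) ? 1 : 0;
    if (flags && (mode & 0022))
        flags |= 2;
    return flags;
}
```
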