Re: security framework and access()
- Subject: Re: security framework and access()
- From: Andreas Monitzer <email@hidden>
- Date: Fri, 13 Jul 2001 13:48:15 +0200
On Friday, July 13, 2001, at 10:20 , Matsumoto Shigeyuki wrote:
> I'm making a GUI for '/usr/bin/hdiutil' which manipulates disk images.
> Because 'hdiutil' requires the privilege to open/read raw disk devices,
> I used AuthorizationExecuteWithPrivileges in the Security framework. But
> the launched instance of 'hdiutil' fails to open raw disk devices.
>
> The reasons may be:
> (1) AuthorizationExecuteWithPrivileges sets the effective user ID
> to 0 (=root), but does not change the real user ID.
> (2) 'hdiutil' calls access() to check permissions, but access()
> uses the real user ID in place of the effective one.
>
> Should I give up on using the Security framework?
> Do you think 'sudo' is safe for my purpose?
No, sudo doesn't always ask for the password. How should you know what to
send?
I think you should write a tool that itself calls hdiutil. Something like:
#include <unistd.h>
/* setuid(0) with effective UID 0 also sets the real UID, which access() checks */
int main(void) { setuid(0); return execl(...); }
andy
--
Discussion forthcoming.
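
The wrapper idea from this thread, written out as an added example; it is not code from either poster or from Apple. The function names, MAX_ARGS and the PATH value are assumptions made for illustration, and the helper is assumed to be started with effective UID 0 (as AuthorizationExecuteWithPrivileges does in the thread). It checks the result of setuid(0), runs only the fixed absolute path and passes a minimal environment.

```c
#include <stdio.h>
#include <unistd.h>

#define TOOL "/usr/bin/hdiutil"  /* fixed absolute path, never searched via PATH */
#define MAX_ARGS 32              /* assumption: arbitrary cap for this example */

/* access() tests the REAL uid, so a process with euid 0 but a non-root real
 * uid still fails the check. Make real == effective == 0 and verify it. */
int promote_real_uid(void)
{
    if (geteuid() != 0)          /* not launched with privileges: refuse */
        return -1;
    if (setuid(0) != 0)          /* with euid 0 this sets real, effective, saved */
        return -1;
    return (getuid() == 0 && geteuid() == 0) ? 0 : -1;
}

/* Build argv for the tool: out[0] is the fixed path, the rest are the caller's
 * arguments. Returns the argument count, or -1 if they do not fit in cap. */
int build_argv(int argc, char *const argv[], char *out[], int cap)
{
    int n = 0;
    if (argc < 1 || argc + 1 > cap)   /* +1 for the terminating NULL */
        return -1;
    out[n++] = (char *)TOOL;
    for (int i = 1; i < argc; i++)
        out[n++] = argv[i];
    out[n] = NULL;
    return n;
}

int main(int argc, char *argv[])
{
    char *args[MAX_ARGS];
    /* Minimal environment: the caller's variables do not reach the root process. */
    char *const envp[] = { "PATH=/usr/bin:/bin:/usr/sbin:/sbin", NULL };
    if (build_argv(argc, argv, args, MAX_ARGS) < 0) {
        fprintf(stderr, "too many arguments\n");
        return 2;
    }
    if (promote_real_uid() != 0) {
        fprintf(stderr, "must be started with effective uid 0\n");
        return 1;
    }
    execve(TOOL, args, envp);
    perror("execve");            /* only reached if exec failed */
    return 127;
}
```

The helper still runs the tool as root with whatever arguments it is given, so the calling GUI should pass only arguments it has constructed itself.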