Re: Authorization.h
Re: Authorization.h
- Subject: Re: Authorization.h
- From: Peter Sichel <email@hidden>
- Date: Tue, 6 Nov 2001 17:18:11 -0500
I think it is very unlikely to make an application suid (see the
Apple problems with NetInfo Manager and co). Maybe a little tool but
not an application. (it seems it's what you have done...).
I did make the application SUID root as a work around until Apple
fixed BSD Descriptor passing in 10.1 .
Imagine your application support plug-ins, the plug-ins can seteuid
whenever they want. And the frameworks are too big so they can
provide many security hole (like the Recent Items thing).
Now for my question:
I have an application that used to AuthorizationExecuteWithPrivileges
a unix shell script, but this seems to have stopped working around the
time I installed Apple's 10.1 security update. If I replace the shell
script with an executable image, it runs fine. Is this by design,
or is there some special attribute one can apply to execute a shell
script with privileges?
Hm... weird, DNSUpdate execute simple shell scripts with
AuthorizationExecuteWithPrivileges and it works fine under 10.1.
Yes, but did you install the 10.1 security update???
Thanks!
- Peter
--