Re: switching to r00t
- Subject: Re: switching to r00t
- From: Finlay Dobbie <email@hidden>
- Date: Sun, 14 Oct 2001 21:32:14 +0100
On Sunday, October 14, 2001, at 09:22 pm, email@hidden wrote:
> I am writing a program that needs to switch to user r00t at runtime. Is
> this possible at all? In UNIX you can switch from r00t to any other user
> with setuid(), however, I want the other way around. I have seen
> password verification with the installation of the developer tools. Any
> clues on my problem?

You can't just "switch" to run as root. What you are looking for is a
setuid root binary tool. The way to do this is:

- Use the Security.framework to authenticate the user.
- Make an AuthorizationExternalForm.
- Run a setuid root tool and pass the AuthorizationExternalForm to it any
  way you like except arguments or environment variables (since those are
  insecure, you should use a pipe or a mach message or DO or something).
- In your setuid root tool, check that you are authorized to do what you
  are meant to do.
- Do whatever you want.

I hope that was clear. If you want to have a binary run as root (setuid
root), you can do this:

    sudo chmod +s <file>

Note that this is really dangerous because it means that anybody can run
this program as root which is potentially very harmful if your program
is insecure.
I hope all of that was clear enough for you,
-- Finlay
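
The helper side of the procedure above, as an added example that is not part of the original post: the setuid tool reads the AuthorizationExternalForm from a pipe on stdin (never argv or the environment) and refuses to continue unless the requested right is granted. The right name `com.example.helper.run` is a hypothetical placeholder, and the non-macOS branch is an assumption added so the pipe handling compiles elsewhere; it always fails closed.

```c
/* Added example: setuid helper receiving an authorization blob over a pipe. */
#include <errno.h>
#include <string.h>
#include <unistd.h>
#ifdef __APPLE__
#include <Security/Authorization.h>
#define FORM_LEN kAuthorizationExternalFormLength
#else
#define FORM_LEN 32 /* size of AuthorizationExternalForm.bytes on macOS */
#endif
/* Read exactly FORM_LEN bytes from fd; 0 on success, -1 on EOF/short read/error. */
int read_form(int fd, unsigned char out[FORM_LEN]) {
    size_t got = 0;
    while (got < (size_t)FORM_LEN) {
        ssize_t n = read(fd, out + got, (size_t)FORM_LEN - got);
        if (n < 0 && errno == EINTR) continue;  /* interrupted, retry */
        if (n <= 0) return -1;                  /* writer closed early or I/O error */
        got += (size_t)n;
    }
    return 0;
}

/* Return 1 only if the blob maps to a session that holds `right`. */
int form_grants(const unsigned char form[FORM_LEN], const char *right) {
#ifdef __APPLE__
    AuthorizationExternalForm ext;
    AuthorizationRef ref;
    memcpy(ext.bytes, form, FORM_LEN);
    if (AuthorizationCreateFromExternalForm(&ext, &ref) != errAuthorizationSuccess)
        return 0;
    AuthorizationItem item = { right, 0, NULL, 0 };
    AuthorizationRights rights = { 1, &item };
    OSStatus st = AuthorizationCopyRights(ref, &rights, NULL,
        kAuthorizationFlagDefaults | kAuthorizationFlagExtendRights, NULL);
    AuthorizationFree(ref, kAuthorizationFlagDefaults);
    return st == errAuthorizationSuccess;
#else
    (void)form; (void)right;
    return 0; /* no Security.framework available: fail closed */
#endif
}

int main(void) {
    unsigned char form[FORM_LEN];
    if (read_form(STDIN_FILENO, form) != 0) return 1;
    if (!form_grants(form, "com.example.helper.run")) return 1; /* hypothetical right */
    /* privileged work goes here, only after the check has passed */
    return 0;
}
```

On macOS this builds with `-framework Security`; the calling application writes the bytes of its AuthorizationExternalForm to the write end of the pipe it connected to the helper's stdin.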