Re: AuthorizationExecuteWithoutPrivileges?
- Subject: Re: AuthorizationExecuteWithoutPrivileges?
- From: Kelly K <email@hidden>
- Date: Mon, 12 Aug 2002 10:12:29 -0700
Gerben,
A few things.
1. Documentation can be found at:
http://developer.apple.com/techpubs/macosx/CoreTechnologies/securityservices/authservices.html
<subliminal msg>avoid using AEWP</subliminal msg>
2. You should always think about what you are running as root. If you
set your application to run as root, then _all_ the code is running as
root. Do you really trust the libraries you linked, the GUIs? You
probably shouldn't. Minimize the code that runs as root to only the
operation(s) that need to. Doing so will minimize the code you need to
audit for security leaks. This probably means creating a separate
process. Also consider whether or not the code needs to run as root,
or as another user with lesser powers.
<subliminal msg>avoid using AEWP</subliminal msg>
3. If you want to execute something without root privs, then execute
it as you normally would--without calling AEWP. When using an
AuthorizationRef, use AuthorizationFree with the flag
kAuthorizationFlagDestroyRights to destroy it and remove all
permissions. Once you are running as root, you can use fchown and
fchmod to change permissions too.
<subliminal msg>avoid using AEWP</subliminal msg>
4. You get AuthorizationTrampoline as the calling process for any call
to AEWP. If you use AuthorizationCopyRights, then the dialog will have
the name of your application/tool.
<subliminal msg>avoid using AEWP</subliminal msg>
Trust no one. ;-)
Kelly
---My dad asked about virus protection. I told him not to trust anyone
who sent him executables through email. He said thank you and asked me
not to email him anymore.---
On Monday, August 12, 2002, at 04:39 AM, Gerben Wierda wrote:
I am setting up an app which uses AuthorizationExecuteWithPrivileges.
Sometimes I want to run tasks also without privileges. Now what I do
not like is to have two separate subprocess running environments in my
app, so I want to use AuthorizationExecuteWithPrivileges both for
authenticated and non-authenticated stuff. In other words, I need some
sort of AuthorizationExecuteWithoutPrivileges behaviour ;-)
I tried creating different AuthorizationRefs (with
com.apple.TestApp.benign for instance), but when I try to use these
non-authenticated AuthorizationRefs in
AuthorizationExecuteWithPrivileges I get an Authentication telling me
something about wanting to change stuff in AuthorizationTrampoline, so
I must have hit on some internal state in the Security Framework.
Anyway, can someone tell me how I can create an AuthorizationRef for
running a subprocess that will be accepted by
AuthorizationExecuteWithPrivileges in such a way that that subprocess
is actually started, but not with the privileges. Changing
/etc/authorization is not an option, this needs to work on a system with
an original authorization file. Or do I indeed have to write a second
thread in my app and do some fork/execve there myself? I guess so,
having read more on the framework, but I'd like to be sure I am not
overlooking something trivial.
Thanks,
G
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.
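The plain fork/exec route from point 3 combined with the "lesser powers" advice from point 2, as an added example that is not part of the original messages. It is generic POSIX C; the names `drop_privileges` and `run_unprivileged` are hypothetical, the sample command is constructed, and dropping to the real uid/gid is an assumption about which lesser user the task should run as.

```c
#define _DEFAULT_SOURCE            /* for setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently give up root. Order matters: supplementary groups, then
 * gid, then uid, because after setuid() groups can no longer change. */
static int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() != 0)
        return 0;                  /* not root: nothing to drop */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the drop stuck and that root cannot be regained. */
    if (setuid(0) == 0 || geteuid() != uid || getegid() != gid)
        return -1;
    return 0;
}

/* Fork, drop to uid/gid in the child, exec argv[0]. Returns the exit status;
 * 126 drop failed, 127 exec failed, -1 root uid, fork/wait error or signal. */
int run_unprivileged(char *const argv[], uid_t uid, gid_t gid)
{
    pid_t pid; int status;
    if (uid == 0)
        return -1;                 /* refuse to run the task as root */
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_privileges(uid, gid) != 0)
            _exit(126);            /* never exec while still root */
        execv(argv[0], argv);
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed sample command, run with the real (invoking) ids. */
    char *const argv[] = { "/bin/sh", "-c", "id -u", NULL };
    printf("exit status: %d\n", run_unprivileged(argv, getuid(), getgid()));
    return 0;
}
```

The child exits with 126 rather than calling `execv` if any step of the drop fails, so the task is never started with leftover root privileges.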