Re: Moving wrappers w/SUID contained executables (Was: Re: "First Run" installation of Application support stuff?)
Re: Moving wrappers w/SUID contained executables (Was: Re: "First Run" installation of Application support stuff?)
- Subject: Re: Moving wrappers w/SUID contained executables (Was: Re: "First Run" installation of Application support stuff?)
- From: Finlay Dobbie <email@hidden>
- Date: Thu, 19 Dec 2002 23:04:32 +0000
On Thursday, December 19, 2002, at 04:21 pm, Bill Bumgarner wrote:
Example:
User A should not be able to move a SUID executable-- assuming SUID
executable is owned by root, not very useful otherwise-- such that
User B can see it (if they could not before).
No, but moving it should be possible, making it lose its setuid bit. If
you move your application bundle around, then it should auto-repair the
bit on next launch.
Because a SUID executable is generally owned by root, it makes sense
that the user can't remove it.
Not a bug and more reason to use the Authorization APIs to execute the
binary w/the appropriate permissions. This will also work on a > CD-ROM.
Apple says AuthorizationExecuteWithPrivileges() should be avoided, it's
only a temporary solution for "installers". See the AuthSample code.
Also, if you have MyPrivilegedTool in your application bundle, and your
application bundle is world writable, then anybody could replace
MyPrivilegedTool with EvilHardDiskEraserUtility, and AEWP() would go
blindly ahead and execute it without thinking twice. Not good.
-- Finlay
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.