Moving wrappers w/SUID contained executables (Was: Re: "First Run" installation of Application support stuff?)
Moving wrappers w/SUID contained executables (Was: Re: "First Run" installation of Application support stuff?)
- Subject: Moving wrappers w/SUID contained executables (Was: Re: "First Run" installation of Application support stuff?)
- From: Bill Bumgarner <email@hidden>
- Date: Thu, 19 Dec 2002 11:21:34 -0500
On Thursday, Dec 19, 2002, at 08:22 US/Eastern,
email@hidden wrote:
On Thursday, December 19, 2002, at 12:31 am, John C. Randolph wrote:
Leave them in the app wrapper. The Application Support directory is
for data, not executables.
Last I heard, users couldn't move/delete application bundles with suid
binaries inside them. That was in 10.1, though, has it been fixed?
This is a security feature.
Example:
User A should not be able to move a SUID executable-- assuming SUID
executable is owned by root, not very useful otherwise-- such that User
B can see it (if they could not before).
Because a SUID executable is generally owned by root, it makes sense
that the user can't remove it.
Not a bug and more reason to use the Authorization APIs to execute the
binary w/the appropriate permissions. This will also work on a CD-ROM.
b.ubm
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.