Re: Security framework refuses to work at all
Re: Security framework refuses to work at all
- Subject: Re: Security framework refuses to work at all
- From: Kelly K <email@hidden>
- Date: Fri, 25 Oct 2002 11:12:45 -0700
On Friday, October 25, 2002, at 06:17 AM, Stiphane Sudre wrote:
[...]
Special Considerations
You should use this function only to allow installers to run as root
and to allow a setuid tool to repair its setuid bit if lost. This
function works only if the Security Server establishes proper
authorization.
This function poses a security concern because it will
indiscriminately run any tool or application, severely increasing the
security risk.
This is the line I don't agree with. It will not run any tool, it will
run the tool I set in the path as stated by the documentation:
"This function enables you to execute the tool you specify in the
pathToTool parameter as a separate, privileged process."
Yes, until someone replaces the tool you call with my EvilTool [tm
patent pending]. AEWP will call any tool, regardless of the privileges
set on that tool. So now your app calls my EvilTool with root
privileges. While this may not be an issue with mv, or tools with
certain permissions sets, it is definitely a problem if permissions
allow the tool to be easily replaced.
~ Kelly
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.