Re: Security framework refuses to work at all
Re: Security framework refuses to work at all
- Subject: Re: Security framework refuses to work at all
- From: email@hidden
- Date: Fri, 25 Oct 2002 21:41:22 +0200
On vendredi, octobre 25, 2002, at 08:12 PM, Kelly K wrote:
On Friday, October 25, 2002, at 06:17 AM, Stiphane Sudre wrote:
[...]
Special Considerations
You should use this function only to allow installers to run as root
and to allow a setuid tool to repair its setuid bit if lost. This
function works only if the Security Server establishes proper
authorization.
This function poses a security concern because it will
indiscriminately run any tool or application, severely increasing
the security risk.
This is the line I don't agree with. It will not run any tool, it
will run the tool I set in the path as stated by the documentation:
"This function enables you to execute the tool you specify in the
pathToTool parameter as a separate, privileged process."
Yes, until someone replaces the tool you call with my EvilTool [tm
patent pending]. AEWP will call any tool, regardless of the
privileges set on that tool. So now your app calls my EvilTool with
root privileges. While this may not be an issue with mv, or tools
with certain permissions sets, it is definitely a problem if
permissions allow the tool to be easily replaced.
I might be missing something obvious but I don't see what the
difference is between:
- Application A running 'mv' via the Security Framework
- Application A running Application B via Security Framework and
Application B running 'mv'
In both cases, your EvilTool is going to run with the root privileges.
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.