Re: authorisation
Re: authorisation
- Subject: Re: authorisation
- From: Chris Hanson <email@hidden>
- Date: Wed, 20 Aug 2003 16:32:49 -0500
On Wednesday, August 20, 2003, at 07:00 AM, popey le marin wrote:
I works wonderfully, but I need to set the setUID byte with the user
set to root. Else, the setup failed.
In the Unix security model, there is no way to simply acquire higher
privileges. You need to break the network configuration behavior out
into a separate Unix tool, and use the Authorization API to execute
that with elevated privileges.
What's more, you *never* want to make anything as complex as a
graphical application run as setuid-root. Keep the amount of code that
could possibly run with elevated privileges to an absolute minimum.
Apple has a bit of sample code demonstrating how to do this. If you
have questions, you may want to ask them on Apple's network development
mailing list (MacNetworkProg) since that's where most of the people
writing this sort of code hang out.
-- Chris
--
Chris Hanson, bDistributed.com, Inc. | Email: email@hidden
Custom Mac OS X Development | Phone: +1-847-372-3955
http://bdistributed.com/ | Fax: +1-847-589-3738
http://bdistributed.com/Articles/ | Personal Email: email@hidden
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.