Re: How to exec a subtool as root
- Subject: Re: How to exec a subtool as root
- From: Vince DeMarco <email@hidden>
- Date: Tue, 21 Jan 2003 20:33:18 -0800
Use the Authorization code in the Security Framework to do this. You should not ship the tool as a setuid process.
look at AuthorizationExecuteWithPrivileges()
vince
On Tuesday, January 21, 2003, at 04:13 PM, ryan wrote:
Hi,
Thank you all for replying.
When I say 'setuid root' what I mean is the file is owned by root and has the 'set user id' bit set (+s). The kernel will set the effective and/or real user id to the owner of the file.
I am going with a subtool which self-execs itself with a token it received from the main app.
My app is an ISP 'installer' which creates network configuration. To successfully create a new network location you have to run the code as effective user id 0 (root). That is what is driving my investigation.
Thank you all for the insightful recommendations.
Regards,
-ryan
On 1/21/03 4:08 PM, "Dave Camp" <email@hidden> wrote:
The calling application is supposed to authenticate the user and get an authorization token. That token is sent to the suid tool which checks with the security framework to see if it is still valid. If so, it then does whatever it was supposed to do. If the check fails, the tool should stop.
I think that is what the documentation is suggesting.
Dave
On Tuesday, January 21, 2003, at 02:53 PM, Sven A. Schmidt wrote:
On Monday, January 20, 2003, at 08:13, ryan wrote:
Hello,
I have been thinking about the security model in Mac OS X and how to use the security framework to execute privileged commands.
The documentation states that the use of 'AuthorizationExecuteWithPrivileges' should be limited to having a small tool self-exec to cause it to become setuid root. After that point anytime someone calls that small tool it runs as user root. This seems like a fairly big security hole to me. Once you set a small tool setuid root, then someone could run it and do a buffer overflow, or some such naughty thing, and gain root access potentially.
Ryan,
I'm not sure if I can follow you on everything you're saying, but I think there's a misunderstanding here: Even if you setuid(0) in a tool, unless you are the super user calling that tool (or get super user privileges by way of sudo), it will not be promoted to real and effective uid 0.
From the setuid manpage:
DESCRIPTION
The setuid() function sets the real and effective user IDs and the saved set-user-ID of the current process to the specified value. The setuid() function is permitted if the effective user ID is that of the super user, or if the specified user ID is the same as the effective user ID. If not, but the specified user ID is the same as the real user ID, setuid() will set the effective user ID to the real user ID.
I might be missing your point completely, though...
Sven
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.
---
The path of least resistance, it's not just for electricity any more.
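The thread mixes two things: the setuid() call quoted from the manpage and the set-user-ID file bit ryan describes. The following is an added example, not code from any message in this thread; it checks the quoted rule against the running kernel, and the function names rule_permits and kernel_permits are hypothetical.

```c
/* Added example: compare the quoted setuid(2) rule with what the kernel does. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* The rule as quoted from the manpage: setuid(target) is permitted when the
 * caller's effective uid is 0, or target equals the effective or real uid. */
int rule_permits(uid_t ruid, uid_t euid, uid_t target)
{
    return euid == 0 || target == euid || target == ruid;
}

/* Try setuid(target) in a forked child so the caller's own ids are untouched.
 * Returns 1 if the kernel allowed it and the child ended up with
 * real == effective == target, 0 if refused, -1 on fork/wait failure. */
int kernel_permits(uid_t target)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (setuid(target) != 0)
            _exit(1);                       /* refused by the kernel */
        _exit(getuid() == target && geteuid() == target ? 0 : 2);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 0 ? 1 : (WEXITSTATUS(status) == 1 ? 0 : -1);
}

int main(void)
{
    uid_t ruid = getuid(), euid = geteuid();
    printf("real uid %d, effective uid %d\n", (int)ruid, (int)euid);
    /* ruid != euid means the file's set-user-ID bit took effect at exec time. */
    printf("set-user-ID bit in effect: %s\n", ruid != euid ? "yes" : "no");
    printf("setuid(0): rule says %d, kernel says %d\n",
           rule_permits(ruid, euid, 0), kernel_permits(0));
    return 0;
}
```

Run from an ordinary account, the binary reports that setuid(0) is refused; the same binary owned by root with the set-user-ID bit set starts with effective uid 0, which is the case the authorization-token check in the tool is meant to guard.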