Lists

Open Menu Close Menu

Terms and Conditions
Lists hosted on this site
Email the Postmaster
Tips for posting to public mailing lists

Re: How to exec a subtool as root

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How to exec a subtool as root

Subject: Re: How to exec a subtool as root
From: Jim Correia <email@hidden>
Date: Tue, 21 Jan 2003 23:46:21 -0500

On Tuesday, January 21, 2003, at 11:33 PM, Vince DeMarco wrote:

Use the Authorization code in the Security Framework to do this. You should not ship the tool as a setuid process.

look at AuthorizationExecuteWithPrivileges()

This recommendation seems counter the current docs and the info disseminated at WWDC.

<http://developer.apple.com/techpubs/macosx/CoreTechnologies/ securityservices/authorizationservices/authorization_ref/01authref_ref/ function_group_4.html>

This function poses a security concern because it will indiscriminately run any tool or application, severely increasing the security risk. You should avoid the use of this function if possible. One alternative is to split your code into two partsthe application and a setuid tool. The application invokes the setuid tool using standard methods. The setuid tool can then perform the privileged operations. If the tool loses its setuid bit, use the AuthorizationExecuteWithPrivileges function to repair it.

Jim
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.

Follow-Ups:
- Re: How to exec a subtool as root
  - From: Vince DeMarco <email@hidden>

References:
	>Re: How to exec a subtool as root (From: Vince DeMarco <email@hidden>)

Prev by Date: Re: How to exec a subtool as root
Next by Date: Re: syncing NSTimer with system clock...
Previous by thread: Re: How to exec a subtool as root
Next by thread: Re: How to exec a subtool as root
Index(es):
- Date
- Thread