Authentication: Please critique my solution.
- Subject: Authentication: Please critique my solution.
- From: "Huyler, Christopher M" <email@hidden>
- Date: Wed, 8 Oct 2003 11:54:19 -0400
- Thread-topic: Authentication: Please critique my solution.
Here's the deal, I followed the tutorial below to gain authentication
inside my Preference Pane:
http://www.stepwise.com/Articles/Technical/2001-03-26.01.html
The sole purpose of this preference pane is to launch services that are
owned by root. This is a unix-based product and on a normal unix
machine it would be installed by root and managed by root. That's the
way it works and there is no way around it at this stage. I am in
charge of porting this product to Mac OS X since Mac is now unix-based.
However, there needs to be a way to start/stop the services w/o logging
into a terminal. The preference pane seemed to be the best place to do
this.
Using AuthorizationCopyRights and AuthorizationExecuteWithPrivileges I
am able to launch our startup shell scripts from my preference pane (the
scripts are also installed and owned by root). However, the one catch
is that they are launched with euid=0(root) instead of uid=0(root).
This wouldn't matter for most applications but we use the environment
variable DYLD_LIBRARY_PATH which can only be used by uid=0(root). As a
way around this I have come up with a solution but I need your opinion
as to whether it is safe. Rather than develop a huge tool that will
handle all the authentication, I want to use a simple tool that simply
changes the uid. This leaves all complex work of authenticating to the
PreferencePane. The tool of course will be installed and owned by root
alongside our services, meaning root access would be required to replace
this tool with malicious code.
Here's the code that will be launched with
AuthorizationExecuteWithPrivileges:
#include <stdio.h>
#include <stdlib.h>   /* exit() */
#include <string.h>   /* strcmp() */
#include <unistd.h>   /* getuid(), geteuid(), setuid(), execv() */

int main(int argc, char * const *argv)
{
    if (geteuid() != 0 && getuid() != 0)
    {
        printf("This tool can only be executed with root privileges.\n");
        exit(1);
    }
    else if (getuid() != 0)
    {
        /* Launched via AuthorizationExecuteWithPrivileges: euid is 0 but
         * the real uid is still the caller's, so make the real uid root too. */
        setuid(geteuid());
    }
    if (argc == 2 && !strcmp(argv[1], "-InoStart"))
    {
        printf("Executing InoStart as root...\n");
        fflush(stdout);   /* flush before exec, otherwise the message is lost */
        char *const arr[] = {"/path/to/script/InoStart.sh", "-verbose", NULL};
        execv(arr[0], arr);
        perror("execv");  /* only reached if the exec itself fails */
    }
    printf("Done\n");
    return 0;
}
It seems that Apple is very set on having people use the security
framework functions within the tool. This method breaks that unwritten
rule, but it follows the very simplistic tutorial at stepwise.com.
Please explain to me if, how, and why this is a security issue.
Thanks in advance,
~ Chris
--
Christopher Huyler
Computer Associates
_______________________________________________
cocoa-dev mailing list | email@hidden