RE: Authentication: Please critique my solution.
- Subject: RE: Authentication: Please critique my solution.
- From: "Huyler, Christopher M" <email@hidden>
- Date: Fri, 10 Oct 2003 15:21:22 -0400
- Thread-topic: Authentication: Please critique my solution.
I thought I read somewhere that OSX will remove the sticky bit after a
certain period of time. Is this true? Right now, all of our scripts
are installed as "root:admin 0555" but they parse 'id' to check the uid
and only continue if it is root.

Using "root:admin 4555" might work, but for non-owners, the script is
only launched as euid=0 which has some restrictions. The one that
concerns me is not being able to set the DYLD_LIBRARY_PATH environment
variable.

Launching apps from Cocoa has this same issue and that is why I made a
small utility program to swap uid with euid. Since there is no way
(that I know) to do this swap from a shell script, any solution will
probably incorporate this small utility.

With this additional info, is this a security issue:

Creating a utility that is installed as "root:admin 4555".
The utility takes command line flags for input.
Depending upon the input flag, the utility will launch a "root:admin
0500" script or executable. The path and environment used to launch the
scripts and executables would be derived from information in "root:admin
0555" files. For example we place our install path in a file. Any
program can cat the file to see where it is installed but only root can
edit it.

I can see how if a tool like this was used to launch non-root apps, a
hacker could easily replace the non-root app with a virus or something
that would be then executed as root. However, since all the apps that
this tool will launch will be owned by root, I don't see any security
risk other than performing the tasks that the apps do.

-----Original Message-----
From: Terry Simons [mailto:email@hidden]
Sent: Friday, October 10, 2003 2:21 PM
To: Huyler, Christopher M
Cc: Brad Peterson; email@hidden
Subject: Re: Authentication: Please critique my solution.

Chris,

You will need to chown the scripts to root, and set the sticky bit.
Simply chowning the script won't do anything... the sticky bit makes
the script run as the person that owns it.

Be aware, however, that this will allow ANY user with read access to
the scripts to be able to run the scripts as root.

You can set the sticky bit with the chmod command.

I use the "old style" chmod syntax, so it would be something like:

chown -R root:group MyApp.app (where group is the group you want to own
the app).

chmod 4xxx for each script you want to be run by root, where xxx is the
mode for the owner/group/everyone.

For instance:

If I wanted owner to read/write/execute, and group and everyone to
read/execute it would be something like:

chmod 4755 path/to/script

The "4" on the front sets the sticky bit, which will launch the app as
the user that owns the script.

I would also like to point out that this is EXTREMELY bad form... very
very bad. You shouldn't do this... 8-)

- Terry

On Friday, October 10, 2003, at 07:18 AM, Huyler, Christopher M wrote:

> Thank you, this may actually solve my next problem which is a simple app
> that creates a status icon with a pull down menu on the menu bar. I
> want it to be launched like an app (from the Applications folder), but
> it must be able to launch root-owned scripts w/o asking for a password
> ever.
>
> Your solution won't work for the preference pane. No matter who owns it
> or where it is installed, it will not launch root-owned tools using
> NSTask even though "System Preferences.app" is owned by root like you
> said.
>
> Is there a specific chown command you need to call for this to work? Or
> does "chown -R root:admin my.app" work?
>
> Thanks,
> ~ Chris
>
> -----Original Message-----
> From: Brad Peterson [mailto:email@hidden]
> Sent: Thursday, October 09, 2003 4:43 PM
> To: Huyler, Christopher M
> Subject: Re: Authentication: Please critique my solution.
>
> > Hi,
> >
> > I don't know that I can comment directly on the security issue, but I can
> > tell you what has worked for me...
> >
> > 1. An installer that requires OS X admin rights to run. (Vise does this, and
> > I imagine Apple's tools do as well.)
> > 2. A tool launched as part of the install that does a chown on the various
> > apps that need root permissions.
> >
> > Any app can now launch the root-owned tools, and if they should ever be
> > moved, etc. the tool to re-authenticate them still exists on the user's
> > machine.
> >
> > HTH,
> >
> > Brad.

_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.