Fwd: Are you who I think you are...
Fwd: Are you who I think you are...
- Subject: Fwd: Are you who I think you are...
- From: Jerry LeVan <email@hidden>
- Date: Thu, 1 Apr 2004 20:41:56 -0500
Hello,
I am sorta struggling with the security manager...
Scenario, I have an app that needs a Helper to be run as root.
I can use the security/authentication tools to cause the Helper
foundation tool to be run as root without any problem, but I
have a lingering fear that some clever person might replace the
Helper tool with one that does mischief.
I was thinking about something like the following.
1) Build the "helper" tool first and then in a shell script
build phase calculate a checksum, say md5.
2) Have the shell script modify the "application" by adding
the checksum as a constant in the source
3) Have code in the "application" that checks the checksum prior
to calling the Authorize code the runs the helper and
bails if the checksums do not match.
A list member has suggested that prebinding might messup this plan.
I have started browsing the "ln" man page, it appears that one
could turn off prebinding...
Does anyone have experience with this problem? Am I being overly
paranoid?
==Jerry
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.