Re: Using Security framework to get root auth for running app.
Re: Using Security framework to get root auth for running app.
- Subject: Re: Using Security framework to get root auth for running app.
- From: email@hidden
- Date: Wed, 15 Dec 2004 20:00:24 -0500 (EST)
- Importance: Normal
> The idea here is to NOT have the app do the root work at all - you
> want only a *small* binary with *only* the root (privileged) code to
> be run once and then exit. You do not want to leave any .app running
> with ANY code that can execute as root since doing so also opens a
> path to any code attached to it (i.e. virsues, etc) to also run as
> root.
>
> You need two binaries: an app without root privileges, and a separate
> "one-shot" helper binary that does *only* the root work, normally
> stored inside the regular app.
>
Yeah some one explained that to earlier too, and it makes sense. Anyway
yeah I have the binary in my head already. 3 lines of code maybe 4. Whats
this about the copy bit that prevents the binary from being copied, and
wouldn't than forbid drag and drop install? or maybe I just don't get that
at all.
April.
> Michael
> Orbital Launch & Lift, Inc.
> http://www.orbitallaunch.com
>
> At 3:16 PM -0500 12/15/04, email@hidden wrote:
>>Darn. I was hoping that would not be the case.
>>Question then, can I set /Applications/SomeApp.app as the toolpath? or
>> can
>>I only launch command line tools?
>>
>>April.
>>
>> > On Dec 15, 2004, at 12:57 PM, email@hidden wrote:
>>>
>>>> I've seeen several examples of how to run a commad line tool as root
>>>> and
>>>> the information is pretty clear but the problem is I need to gain
>>>> root
>>>> access for the application Im building. It basically needs to be able
>>>> to
>>>> remove several files in /Library so I need the application to get
>>>> authorized after it has executed, and the user chooses a given
>>>> function.
>>>> Does any one know of examples, or would some one be able to help with
>>>> this?
>>>
>>> That's not possible since you can't elevate the privileges of a
>>> running
>>> task. Instead, you'll need to launch a helper app using the
>>> authorization services functions that performs the task that requires
>>> higher privileges.
>>>
>>> Nick Zitzmann
>>> <http://www.chronosnet.com/>
>>>
>>
>> _______________________________________________
>>Do not post admin requests to the list. They will be ignored.
>>Cocoa-dev mailing list (email@hidden)
>>Help/Unsubscribe/Update your Subscription:
>>
>>This email sent to email@hidden
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Cocoa-dev mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden