Re: Security opinion needed


  • Subject: Re: Security opinion needed
  • From: Alastair Houghton <email@hidden>
  • Date: Mon, 5 Jan 2004 15:33:09 +0000

On 4 Jan 2004, at 18:21, Michael Latta wrote:

> In looking at some security issues in our application I would like
> some opinions from the list.
>
> While the use of Cocoa or Carbon in a setuid app are verboten, what
> about Foundation and Objective-C code? Some of the Objective-C
> runtime issues could be a problem with any dynamic code (poseAs for
> example). But without dynamic code loading would use of NSFile,
> NSDictionary, and application specific code be considered a problem?
>
> While the helper tool model is recommended, it has an undesirable
> aspect for us. You need to decide statically when privileges are
> required. We would have rather had the option of only executing with
> privileges when required dynamically. For example when a non-admin
> user is operating there should be no privileges active, and when the
> admin user is running there should only be privileges when that user
> directs the application to operate in privileged mode. It looks like
> we would need 2 copies of the helper tools, one with setuid and one
> without, so that we can operate in the desired mode. And this still
> requires that we partition the work if a task can be mixed mode. Is
> there any way to dynamically operate with privileged access to files?
> We need to be able to read and create files with mixed ownership and
> access.

It depends on what you're trying to do. One technique you can use is to
use a helper tool to *open* the file(s) you want, and return the file
handles to you by sending them back via a UNIX socket (using an
SCM_RIGHTS message... see "man unix"). If you're going to do that,
though, you should make certain that you aren't opening up a security
hole.

Apple actually already installs a tool that can be used to do this sort
of thing... see "man authopen"; if it already does what you need, you
could use that, rather than re-inventing the wheel.

Kind regards,

Alastair.

_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.

References: 
 >Security opinion needed (From: Michael Latta <email@hidden>)
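The helper-tool exchange Alastair describes, as an added C example that is not part of the original thread: one end of a socketpair stands in for the privileged helper, applies its own open policy, and hands the descriptor over as an SCM_RIGHTS message; the other end receives a usable fd without ever holding the privilege. The sample file, the "/tmp" path and the policy (read-only, regular files only, no symlinks) are constructed assumptions for the demo.

```c
#define _GNU_SOURCE 1
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
/* Send one open descriptor over a UNIX-domain socket as SCM_RIGHTS ancillary data. */
static int send_fd(int sock, int fd) {
    char byte = 0;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_len = CMSG_LEN(sizeof(int));
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}
/* Receive one descriptor; returns the new local fd, or -1 if none arrived. */
static int recv_fd(int sock) {
    char byte; int fd;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    if (recvmsg(sock, &msg, 0) != 1 || (msg.msg_flags & MSG_CTRUNC)) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}
/* Round trip over a socketpair; sender stands in for the setuid helper. Returns bytes read or -1. */
int demo_fd_passing(void) {
    char path[] = "/tmp/fdpass-XXXXXX", buf[16];          /* constructed sample file */
    int sv[2], hfd, fd, tmp = mkstemp(path);
    struct stat st;
    if (tmp < 0 || write(tmp, "hello", 5) != 5 || close(tmp) ||
        socketpair(AF_UNIX, SOCK_STREAM, 0, sv)) return -1;
    /* Helper-side policy (hypothetical): read-only, no symlinks, regular files only. */
    hfd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (hfd >= 0 && (fstat(hfd, &st) || !S_ISREG(st.st_mode))) { close(hfd); hfd = -1; }
    if (hfd >= 0) { send_fd(sv[1], hfd); close(hfd); }   /* in-flight fd stays open in kernel */
    close(sv[1]);                                        /* nothing sent => receiver sees EOF */
    fd = recv_fd(sv[0]); close(sv[0]);                   /* caller side: own fd, no privilege */
    ssize_t n = fd >= 0 ? read(fd, buf, sizeof buf) : -1;
    if (fd >= 0) close(fd);
    unlink(path);
    return (int)n;
}
```

In a real deployment the policy check runs inside the setuid helper process and the unprivileged application only ever sees the returned descriptor, which is the property that keeps a file-opening helper from becoming a general privilege escalation.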
