Re: authopen or not
- Subject: Re: authopen or not
- From: "Gerriet M. Denkmann" <email@hidden>
- Date: Sat, 24 Jul 2004 18:33:33 +0200
On 24.07.2004, at 16:52, Finlay Dobbie wrote:

> On 24 Jul 2004, at 13:48, Gerriet M. Denkmann wrote:
>
>> Currently this app is setuid root, which is necessary in order to
>> make the open() work.
>> But the fine (or fucking?) manuals tell me that: "running code as
>> root is very dangerous and should be done as seldom as possible."
>
> I'd suggest that you factor out the code that does this to a small
> tool, and have the tool be setuid. This tool should be
> self-restricting using the techniques in the Security framework. See
> the MoreAuthSample code from DTS and the Authorization Services
> documentation for more information.

Authopen is - if I understand it correctly - just such a small tool,
which uses the techniques in the Security framework.
My problem is that I do not quite understand how to use it.
I have the "AuthSample" code, and I will look for "MoreAuthSample" at
developer.apple.com. What DTS stands for I do not know.

If it is not possible for some reason to use authopen - then I would
follow your suggestion and create another process, run it setuid root
and send (via Distributed Objects) addresses to it, getting a block of
data back.
Sounds possible, but not very efficient.

> I also noticed that you were hardcoding "rdisk0s9". This is probably a
> bad thing, as disk numbering is dependent on the order that disks are
> probed by IOKit. You should probably dynamically look up the device
> node you are looking for using some other method.

Well, the hard-coded "rdisk0s9" was just for the mail.
Internally I do getfsstat(), then select those things of type "hfs".
Gerriet.
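
An added example, not part of the original message: instead of proxying every block through a privileged process, a small helper can open the device once and hand the open descriptor back over a UNIX-domain socket with SCM_RIGHTS, the mechanism the authopen(1) man page describes for its -stdoutpipe option. The names `send_fd`, `recv_fd`, `open_via_helper` and the prefix rule are hypothetical, and a forked child stands in for the separate setuid tool so the code runs unprivileged.

```c
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Helper side: pass an open descriptor over a UNIX socket (SCM_RIGHTS). */
static int send_fd(int sock, int fd) {
    union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } u = {0};
    char byte = 0; struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Application side: receive the descriptor, or -1 if the helper sent none. */
static int recv_fd(int sock) {
    union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } u;
    char byte; struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    int fd = -1;
    if (recvmsg(sock, &msg, 0) != 1) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (c && c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS)
        memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}

/* The child stands in for the setuid tool (assumption): it opens `path`
   read-only only if it starts with `prefix` (e.g. "/dev/rdisk"), has no "..". */
int open_via_helper(const char *path, const char *prefix) {
    int sv[2], fd = -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    pid_t pid = fork();
    if (pid == 0) {                                  /* helper process */
        close(sv[0]);
        if (strncmp(path, prefix, strlen(prefix)) == 0 && !strstr(path, ".."))
            fd = open(path, O_RDONLY);
        _exit(fd >= 0 && send_fd(sv[1], fd) == 0 ? 0 : 1);
    }
    close(sv[1]);
    if (pid > 0) { fd = recv_fd(sv[0]); waitpid(pid, NULL, 0); }
    close(sv[0]);
    return fd;
}
```

The application then reads from the returned descriptor directly, so only the open() itself ever runs with elevated privileges.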