Re: Privileged write to file
Re: Privileged write to file
- Subject: Re: Privileged write to file
- From: Sam McCandlish <email@hidden>
- Date: Wed, 10 Mar 2004 06:37:10 -0500
I don't really understand the usefulness of setuid root. If a program
wasn't setuid root, it wouldn't be called anyways if the person did not
have a password. Right?
On Mar 10, 2004, at 4:29 AM, Nicko van Someren wrote:
On 9 Mar 2004, at 22:24, Sam McCandlish wrote:
Does anyone know of a way I can write to a file with admin privileges
using the Apple security methods? I am trying to write to a
configuration that you can only be written to by root.
The right way to do this is probably to write a tiny program that
writes the configuration file and install it owned by root with the
setuid permission bit set.
Note that the wrong way to do this is that you could write the file to
a temporary location and then call
AuthorizationExecuteWithPrivileges() to issue a "cp" command to copy
the file to the right place. This is a bad idea because you program,
which is not setuid root, could have its binary modified to change
what gets passed to the authorisation call.
See
http://developer.apple.com/documentation/Security/Reference/
authorization_ref/01authref_ref/function_group_5.html#//apple_ref/c/
func/AuthorizationExecuteWithPrivileges and the related pages.
Nicko
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.