Two questions on Cocoa security
- Subject: Two questions on Cocoa security
- From: Alex Sawyer <email@hidden>
- Date: Sat, 1 May 2004 00:34:26 +0100
Hello,

I'm writing a framework for creating applications to administer and use
a database on a Mac, and I'd like to include some functionality for
starting/stopping/etc. a server process itself. This means I need to use
AuthorizationExecuteWithPrivileges().

I have two queries. The first is whether there's a good reason for
using the (scantily documented) Cocoa security frameworks, in
particular the SFAuthorization class. I've been playing with it, and
can't see much benefit from using the class as it stands at the moment,
but perhaps I'm missing the point.

The second question concerns strategy (and may be more appropriate for
a different list, if I could work out which one...). The server process
must be owned by the special database user, so I can see a couple of
ways to accomplish this:

1. get my helper tool to su <user> -c <command>
2. get my helper tool to pose as the database user in the first place
   and simply execute the appropriate command(s)

The first seems simpler, but the second might have the advantage of
being more secure (the database user has no special privileges). I'd
still need root privileges to set the user in the first place, but the
tool itself would be underprivileged. The real problem is that, in
order to be useful, the helper tool will need an awful lot of
parameters determined at runtime, some of which could be obtained more
easily by the database user, cutting down on the helper tool's reliance
on potentially naughty information from the parent process. Is there a
UNIX function like nireport? Is the whole thing actually a good idea?

Thanks in advance,
Alex Sawyer
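
Option 2 from the message above, sketched as an added example that is not part of the original post or of any Apple sample code: a helper started as root that accepts only an action name from its parent, permanently switches to the database account, and then runs a fixed command. The account name `dbuser`, the path `/usr/local/db/bin/dbctl`, and the function names are hypothetical.

```c
/* Added example. Account name and command path are assumptions. */
#define _DEFAULT_SOURCE               /* exposes initgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define DB_USER "dbuser"              /* hypothetical database account */

/* The parent picks only an action name; paths and arguments are fixed here,
   so nothing the parent sends is ever used as a path or a shell string. */
struct action { const char *name; char *const argv[4]; };
static const struct action ACTIONS[] = {
    { "start", { "/usr/local/db/bin/dbctl", "start", NULL } },
    { "stop",  { "/usr/local/db/bin/dbctl", "stop",  NULL } },
};

const struct action *lookup_action(const char *name) {
    if (name == NULL) return NULL;
    for (size_t i = 0; i < sizeof ACTIONS / sizeof ACTIONS[0]; i++)
        if (strcmp(name, ACTIONS[i].name) == 0) return &ACTIONS[i];
    return NULL;
}

/* Permanently become `user`: supplementary groups, then gid, then uid.
   Returns 0 on success, -1 on any failure. */
int drop_to_user(const char *user) {
    struct passwd *pw = getpwnam(user);
    if (pw == NULL || pw->pw_uid == 0) return -1;   /* unknown, or not a drop */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0) return -1;
    if (setgid(pw->pw_gid) != 0) return -1;
    if (setuid(pw->pw_uid) != 0) return -1;
    /* Confirm root cannot be regained before doing any work. */
    if (setuid(0) == 0 || getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
        return -1;
    return 0;
}

int main(int argc, char **argv) {
    const struct action *a = lookup_action(argc == 2 ? argv[1] : NULL);
    if (a == NULL) { fprintf(stderr, "usage: helper start|stop\n"); return 64; }
    if (drop_to_user(DB_USER) != 0) { fprintf(stderr, "cannot drop privileges\n"); return 77; }
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };  /* parent env not inherited */
    execve(a->argv[0], a->argv, envp);
    perror("execve");
    return 71;
}
```

Any runtime parameters the command needs can then be read by the command itself, already running as the database user, rather than being passed down from the parent.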