• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Authorization without permanent setuid on helper
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Authorization without permanent setuid on helper


  • Subject: Re: Authorization without permanent setuid on helper
  • From: Bob Ippolito <email@hidden>
  • Date: Thu, 20 Jan 2005 04:51:34 -0500

On Jan 19, 2005, at 5:49 PM, email@hidden wrote:

Are there any security repercussions with always "double running" a helper tool instead of setuid'ing its file on the first run? By "double running" I mean running it from the main app, having it authorize, and then having it run itself as setuid (essentially following AuthSample but skipping the ownership and permission changes on the file).

I know that it'll incur the overhead of an extra process every time, but for the purpose I have in mind, efficiency is not an issue and it would make the app more mobile (without leaving Application Support garbage behind, as MoreAuthSample's approach would do).
I would have to say that this method sounds MORE secure than using setuid, because you actually need to authenticate every time. Using setuid is for convenience. Once the helper is setuid, it no longer requires authorization to run as uid 0. If you don't want the helper tool to be "pre-authorized", then you shouldn't setuid it.

-bob

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden


  • Follow-Ups:
    • Re: Authorization without permanent setuid on helper
      • From: OL&L Lists <email@hidden>
    • Re: Authorization without permanent setuid on helper
      • From: Finlay Dobbie <email@hidden>
References: 
 >Authorization without permanent setuid on helper (From: email@hidden)

  • Prev by Date: Re: Hex <=> NSNumber?
  • Next by Date: How to customize Comand +Q handler
  • Previous by thread: Authorization without permanent setuid on helper
  • Next by thread: Re: Authorization without permanent setuid on helper
  • Index(es):
    • Date
    • Thread