Re: Authorization without permanent setuid on helper
Re: Authorization without permanent setuid on helper
- Subject: Re: Authorization without permanent setuid on helper
- From: Bob Ippolito <email@hidden>
- Date: Thu, 20 Jan 2005 04:51:34 -0500
On Jan 19, 2005, at 5:49 PM, email@hidden wrote:
Are there any security repercussions with always "double running" a
helper tool instead of setuid'ing its file on the first run? By
"double running" I mean running it from the main app, having it
authorize, and then having it run itself as setuid (essentially
following AuthSample but skipping the ownership and permission changes
on the file).
I know that it'll incur the overhead of an extra process every time,
but for the purpose I have in mind, efficiency is not an issue and it
would make the app more mobile (without leaving Application Support
garbage behind, as MoreAuthSample's approach would do).
I would have to say that this method sounds MORE secure than using
setuid, because you actually need to authenticate every time. Using
setuid is for convenience. Once the helper is setuid, it no longer
requires authorization to run as uid 0. If you don't want the helper
tool to be "pre-authorized", then you shouldn't setuid it.
-bob
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden