Re: Authorization without permanent setuid on helper
Re: Authorization without permanent setuid on helper
- Subject: Re: Authorization without permanent setuid on helper
- From: email@hidden
- Date: Fri, 21 Jan 2005 15:22:21 +0000
M. Uli Kusterer wrote:
> When it comes to security I'd rather rely on Apple's code that's
> been used in hundreds of projects than on me myself writing bug-free
> and un-exploitable code.
I just wish there was more explanation of details. For instance, from what I've studied of MoreAuthSample, it seems that someone could substitute a malicious template in the app bundle and thus cancel out any security protections that the template/copy approach gains you. Unless the user (even an admin user) knows what he/she is authorizing (a malicious helper will appear no different than the original when authorizing), he/she could unwittingly authorize some nasty things to happen. I hope I'm just misunderstanding how things work that that somebody can provide the one bit of information that clears it up for me.
> Users can use the keychain to authorize my helper once without the
> hassle of having to re-enter the password every time.
How does this work in practice? How do you get Authorization Services to check the Keychain first before prompting the user for a password?
> That will even ask them to re-authorize when the app is modified.
> Sounds safer to me.
Does this mean that the modification times on all of the folders in the app bundle are checked? If so, that would take care of the malicious template substitution problem.
There's just so much information scattered all over the place on Apple's developer site that it's very difficult to sort everything out.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden