Re: Authorization without permanent setuid on helper
Re: Authorization without permanent setuid on helper
- Subject: Re: Authorization without permanent setuid on helper
- From: Charles Srstka <email@hidden>
- Date: Sat, 22 Jan 2005 03:07:46 -0600
On Jan 22, 2005, at 1:26 AM, OL&L Lists wrote:
You'd like to be prompted to authenticate to get a process list? To
change your network preferences? To change your date/time? Wow, you
must like pain, and I have to say I'm in favour of getting stuff done
rather than pointless bureaucracy :-)
There is no need to be root to get a process list and there is no
reason to change the date or time often. I would rather be asked
(more like notified) if someone is trying to change my system clock,
to use your example. The one time that I set the clock after install,
putting in my password is absolutely acceptable.
No, but there may be a need to do other privileged operations often:
like changing the network settings. That *does* require being root.
He is probably advocating using another method, such as
AuthorizationExecuteWithPrivileges(), to launch the helper tool. I see
no evidence in any of his posts that he is advocating making the whole
app run as root. That would indeed be colossally stupid.
For the record, I've never really understood this method of using
setuid binaries either. Sure, self-limiting and so on works great as
long as it's rock solid. If there's one little security hole that
creeps into the helper's code somehow - well, voilĂ , anyone who wants
it has root access. I don't understand what advantage this has over
just using AEWP, but running a checksum immediately before to make sure
the helper is *exactly* what it should be before launching it.
Charles
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden