Re: Using DO to talk to a process running as root
Re: Using DO to talk to a process running as root
- Subject: Re: Using DO to talk to a process running as root
- From: email@hidden
- Date: Sat, 18 Jun 2005 23:02:01 +1000
Will I have a similar problem? My plan was to launch a setuid
tool, have it authorize itself and switch to root, then open up an
NSConnection using connectionWithRegisteredName:.
I'm not sure off hand, but I think it's worth trying - I don't think
running a setuid binary changes the mach namespace (although a new
SSH session, for example, definitely will... thus my uncertainty -
see the "DO behavior depends on server launch" thread earlier on this
list).
In any case, however, the official line is that you shouldn't be
using D.O. in anything running as root, for security reasons. Not
D.O. specifically, in fact, but any "high" framework like Foundation
or AppKit. There's a very real danger stemming from Foundation's
"laziness" when it comes to things like memory management and data
storage, which could lead to various exploits. Theoretically. I'm
not aware of any real investigation in this area. Personally I'd
live dangerously and go ahead with it. :)
Wade Tregaskis (AIM/iChat, Yahoo & Skype: wadetregaskis, ICQ:
40056898, MSN, audio/video iChat & email: email@hidden,
Jabber: email@hidden)
-- Sed quis custodiet ipsos custodes?
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden