AuthorizationExecWithPrivileges and /bin/cp
- Subject: AuthorizationExecWithPrivileges and /bin/cp
- From: Cryptic Caveman <email@hidden>
- Date: Mon, 7 Nov 2005 12:55:47 -0800 (PST)
I'm creating an application that needs to write to a
few files owned by root, and I need a bit of security
advice. Basically, I want to run a tool (/bin/cp)
with root privileges. In Apple's AuthSample, they
state that I have two options:
"1) Use AuthorizationExecWithPrivileges to execute
your tool
2) Make your tool setuid root"
The documentation goes on to state that option (1) is
bad because "any process running as the user who owns
the tool (which is not root but a regular user) can
modify the tool on disk and
AuthorizationExecWithPrivileges will still run this
modified tool as root."
In my case, the tool I want to run (cp) actually IS
owned by root, and not a regular user. Thus, the only
drawback listed for option (1) doesn't seem to apply
in my case.
Am I wrong? I would much prefer to go with option
(1), because option (2) has annoying user aspects.
For example, a user can't make a Finder copy of an app
that has a setuid tool in its bundle.
I've also seen a cocoa-dev post which states that
option (1) is bad, because somebody could distribute
an edited version of my binary that executes another
tool instead of /bin/cp. However, this is just a
trojan. If I use option (2), a malicious person could
just as easily create an app from scratch that looks
like mine, requests authorization, and then does
whatever it feels like with the privileges.
So, is there a reason I shouldn't use
AuthorizationExecWithPrivileges with a tool that is
already owned by root? Any advice is appreciated.