• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Environment/permissions on NSTask-launched app
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Environment/permissions on NSTask-launched app

  • Subject: Re: Environment/permissions on NSTask-launched app
  • From: Sherm Pendley <email@hidden>
  • Date: Thu, 20 Jul 2006 16:08:33 -0400
On Jul 19, 2006, at 8:26 PM, Brad Peterson wrote:

Upside-down. How annoying.

--- Sherm Pendley <email@hidden> wrote:

On Jul 18, 2006, at 9:35 PM, Brad Peterson wrote:

I've confirmed that the sub-task isn't running as
root
(though I don't know why that would make a
difference)
by logging the results of a getgid() call. (501
was
the result.) 

Getgid() gets the group id. And, it gets the *real*
group id, not the
effective group id, which is what running with
elevated group
privileges would change.

Getuid() and geteuid() report the real and effective
user id, and you
can use setuid() to lower the privileges of a
running app, if you
need to.

Well, now I'm not sure that setuid() the right
approach either. A quick test from the sub-task's
output shows that

NSLog(@"gid = %d", getgid());

also shows 501.

Did you read the getgid() man page? Getgid() is *supposed* to return the real group id, and that's what it's doing here. The real group id is not what you want. You want the *effective* group id.

Actually, what you really want the effective *user* id. Why do you keep using a function that's very clearly documented as returning something other than what you want?

No offense intended, but at this point I agree with the others - if you're doing this for self-education that's great, but if you're going to distribute this to other people you *seriously* need to turn this project over to someone who's more experienced with this kind of thing. Security issues are not something you want to "learn on the job".

sherm--

Web Hosting by West Virginians, for West Virginians: http://wv-www.net
Cocoa programming in Perl: http://camelbones.sourceforge.net


_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




  • Follow-Ups:

      

    • Re: Environment/permissions on NSTask-launched app

      • From: Brad Peterson <email@hidden>
      • 





References: 


 >Re: Environment/permissions on NSTask-launched app (From: Brad Peterson <email@hidden>)






    

  • Prev by Date:
Creating a new implementation of NSPersistantStoreCoordinator to	use a different backend?

    • 

  • Next by Date:
Re: Creating a new implementation of NSPersistantStoreCoordinator	to use a different backend?

    • 

  • Previous by thread:
Re: Environment/permissions on NSTask-launched app

    • 

  • Next by thread:
Re: Environment/permissions on NSTask-launched app

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •