• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Helper Tool on FireWire
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Helper Tool on FireWire

  • Subject: Re: Helper Tool on FireWire
  • From: Chris Suter <email@hidden>
  • Date: Sun, 25 Jun 2006 18:14:27 +1000

On 25/06/2006, at 6:55 AM, Damien Sorresso wrote:

On 24 Jun, 2006, at 3:33 PM, Gerriet M. Denkmann wrote: 
I have an app which uses a small helper tool which runs setuid root.
Everything works perfectly.

But if the computer boots from some partition A and the helper tool resides on some partition B (A≠B) and if B is accessed via FireWire it just doesn't work.

Normally I get something like this:
2006-06-24 11:22:16.875 Test Helper[857] path:    /tmp/Test Helper
2006-06-24 11:22:16.879 Test Helper[857] owner:   root (0)
2006-06-24 11:22:16.880 Test Helper[857] rights:  4555
2006-06-24 11:22:16.880 Test Helper[857] geteuid: 0    Ok

But when "Test Helper" is on some FireWire partition I get:
2006-06-24 11:20:37.040 Test Helper[851] path: /Volumes/ FireWire Disk/tmp/Test Helper
2006-06-24 11:20:37.043 Test Helper[851] owner: root (0)
2006-06-24 11:20:37.043 Test Helper[851] rights: 4555
2006-06-24 11:20:37.044 Test Helper[851] geteuid: 502 Error

This might be a bug or a security feature or I might be doing something very stupid.

But: is there a way to make this FireWire partition behave like an internal disk? (Finder -> Info has a switch "Ignore ownership on this volume" which is NOT checked).

When a SetUID tool is copied or moved, it loses the SUID bit. The most common solution is to have your tool check itself for the SUID bit when it's launched with AuthorizationExecuteWithPrivileges (...), and if it's not present, to launch another instance of itself, repair itself and then continue with its execution. Apple's got some sample code showing how to do this.

And: how can I know whether a directory resides on a FireWire partition?

I don't believe that you can run privileges tools from external volumes. What you could do is, if you know your tool is going to be on an external volume, have it copy itself to somewhere like the user's Application Support directory, launch that copy and have it do a self-repair and then continue on with its execution as normal.

There's no need to do this. You can just use AuthorizationExecuteWithPrivileges(...) to run the program as root. This would obviously require authorisation every time, but so would the solution above.

The problem is the "nosuid" mount option. I don't know a way of changing this flag from Finder, but you can do it programmatically or from the Terminal using mount.

- Chris

Attachment: smime.p7s
Description: S/MIME cryptographic signature

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >Helper Tool on FireWire (From: "Gerriet M. Denkmann" <email@hidden>)
 >Re: Helper Tool on FireWire (From: Damien Sorresso <email@hidden>)

  • Prev by Date: Clickable NSImageCell in NSMatrix
  • Next by Date: Re: CoreData: Getting the last object of a relation
  • Previous by thread: Re: Helper Tool on FireWire
  • Next by thread: Re: Helper Tool on FireWire
  • Index(es):
    • Date
    • Thread