• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Helper Tool on FireWire
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Helper Tool on FireWire

  • Subject: Re: Helper Tool on FireWire
  • From: email@hidden
  • Date: Sun, 25 Jun 2006 21:45:01 +1000
> Why does your tool need to run from the boot partition?

It does not. But it needs to run setuid root, and this seems not to
work on FireWire-non-boot-partitions.


Of course. Otherwise, I could take a FireWire drive, hook it up to my
Mac, put a tool on it, make it setuid root, then connect my drive to
your Mac and boom! Instance root access.

To clarify, removable volumes are mounted with "Ignore ownership on this volume" ticked by default (in the Get Info window). This means the actual user & group owners are ignored, both for reading and writing. MacOS X sees to it that it appears that the user whom mounted them (the console user, I presume) owns them, and changes to the owner user or group are ignored.

You can certainly turn this check box off. But, obviously, you take your security into your own hands when you do so. You need admin privileges to turn it off though (standard authentication dialog), so at least there's some protection against unwary users.

The status of this check box is preserved across mount sessions of the given volume, although whether it's stored locally or on the volume I don't know. I would really hope not the latter, for security reasons, but from what I've quickly Googled I do in fact get the impression this is the case. Anyone else got two machines handy to test with?

P.S. You can't ignore ownership on the boot volume, obviously, so booting from a removable drive will always run the associated risks. I don't know if booting from removable volumes can be disabled.

Wade Tregaskis

    ICQ: 40056898
    AIM, Yahoo & Skype: wadetregaskis
    MSN: email@hidden
    iChat & email: email@hidden
    Jabber: email@hidden
    Google Talk: email@hidden

    http://homepage.mac.com/wadetregaskis/

-- Sed quis custodiet ipsos custodes?


_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




  • Follow-Ups:

      

    • Re: Helper Tool on FireWire

      • From: Chris Suter <email@hidden>
      • 





References: 


 >Re: Helper Tool on FireWire (From: "Gerriet M. Denkmann" <email@hidden>)


 >Re: Helper Tool on FireWire (From: "Finlay Dobbie" <email@hidden>)






    

  • Prev by Date:
Re: Helper Tool on FireWire

    • 

  • Next by Date:
Re: Folder Action the Cocoa Way

    • 

  • Previous by thread:
Re: Helper Tool on FireWire

    • 

  • Next by thread:
Re: Helper Tool on FireWire

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •