• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: NSTask and authentication...I have to clarify my original question
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NSTask and authentication...I have to clarify my original question

  • Subject: Re: NSTask and authentication...I have to clarify my original question
  • From: James Bucanek <email@hidden>
  • Date: Tue, 21 Mar 2006 08:27:12 -0700
Nik Giovanakis wrote on Wednesday, March 22, 2006:

>In looking to wrap a Unix executable with Xcode, I am moving towards
>an NSTask path.
>
>The issue I have is the executable needs to have root privileges to
>perform.
>
>The recommendations received suggest using Authentication Services.
> From what I have deduced, I will need to have an authentication step
>when the application is launched. Is that right?
>
>Is there a way that authentication at launch can be avoided e.g.
>authentication at install gives the application permission
>thereafter????

I don't know the answer to the installation questions, but if you follow the MoreAuthSample example it describes how to create a secure "self-installing" helper application. I would say that this is far more desirable from a usability standpoint then being forced to run a special installer.

I've gone through this exercise twice now. It's a lot of work (security usually is), but once it's set up it's pretty slick.

In a nutshell, this is how it works:

Your application obtains an authorization from authentication services. It launches the helper app (NSTask will do) and passes the authorization to it. The helper app then uses that authorization to relaunch itself with root privileges (AuthorizationExecuteWithPrivileges()) and install itself as a privileged executable (SUID). Once installed, your GUI app can now launch the helper app at any time without the need to authenticate. At no point does your GUI application run with root privileges.

If you don't need to the authorization to run your helper as root to be prominent, you can just skip the SUID install part. Let your GUI app get the authorization, launch your helper using NSTask, pass the authorization to the helper and let the helper re-launch itself with root privileges.

--
James Bucanek
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >NSTask and authentication...I have to clarify my original question (From: Nik Giovanakis <email@hidden>)

  • Prev by Date: Re: Intercepting messages
  • Next by Date: Re: NSTextView text too narrow
  • Previous by thread: Re: NSTask and authentication...I have to clarify my original question
  • Next by thread: What's wrong with NSViewAnimation and view with zero height or width ?
  • Index(es):
    • Date
    • Thread