Re: NSTask and authentication...I have to clarify my original question
- Subject: Re: NSTask and authentication...I have to clarify my original question
- From: Nick Zitzmann <email@hidden>
- Date: Tue, 21 Mar 2006 09:20:27 -0700
On Mar 21, 2006, at 8:10 AM, Jerry Krinock wrote:
> The difference between this and what you describe is that, instead of
> executing an NSTask, MoreSecExecuteRequestInHelperTool runs a "helper
> tool", a command-line tool which you have compiled and included in
> your package to do whatever privileged operations need to be done; in
> this example, writing to /Library/Preferences. There are people who
> are Way Smarter Than Me (maybe Nick Zitzmann) who can explain to you
> why this is Apple's secure and recommended method to execute a
> privileged task.
I was thinking about the setuid bit, which is dangerous when set on a
root-owned executable, because any setuid root executable can do
anything with unchecked power on the system. It's even more dangerous
if it can be made to run arbitrary commands (through a buffer
overflow or a program feature), and even more dangerous if it can be
made to run arbitrary commands issued by a remote user.
Authorization Services is safer than making something setuid root,
because (1) the task is not run _as_ root unless it changes its uid,
and (2) only users with permission to launch it as root can launch it
as root.
Nick Zitzmann
<http://www.chronosnet.com/>
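
The condition described in the reply above, as an added example that is not part of the original message: a small C checker that flags root-owned setuid executables and, among those, the ones any local user may launch as root. The function names and risk flags are this example's own.

```c
#define _XOPEN_SOURCE 700 /* expose lstat() and S_IFREG under strict -std */
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Risk flags for one file (names are this example's own, not a system API). */
enum {
    RISK_SETUID_ROOT   = 1 << 0, /* runs with euid 0 no matter who launches it */
    RISK_ANY_USER_EXEC = 1 << 1, /* every local user may launch it as root */
    RISK_REPLACEABLE   = 1 << 2  /* group/other have write permission on it */
};

/* Pure check on owner and mode bits, so it can be exercised without root. */
int setuid_risk(uid_t owner, mode_t mode)
{
    int risk;
    if (!S_ISREG(mode) || !(mode & S_ISUID) || owner != 0)
        return 0;                 /* not a setuid-root regular file */
    if (!(mode & (S_IXUSR | S_IXGRP | S_IXOTH)))
        return 0;                 /* no execute bit at all: cannot be launched */
    risk = RISK_SETUID_ROOT;
    if (mode & S_IXOTH)
        risk |= RISK_ANY_USER_EXEC;
    if (mode & (S_IWGRP | S_IWOTH))
        risk |= RISK_REPLACEABLE;
    return risk;
}

/* Stat a path without following symlinks; -1 if it cannot be examined. */
int audit_path(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return -1;
    return setuid_risk(st.st_uid, st.st_mode);
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        int r = audit_path(argv[i]);
        if (r < 0) { perror(argv[i]); continue; }
        if (r == 0) continue;     /* nothing to report for this path */
        printf("%s: setuid root%s%s\n", argv[i],
               (r & RISK_ANY_USER_EXEC) ? ", launchable by any user" : "",
               (r & RISK_REPLACEABLE) ? ", writable by group/other" : "");
    }
    return 0;
}
```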