Re: Authentication & suid tool
- Subject: Re: Authentication & suid tool
- From: Brad Peterson <email@hidden>
- Date: Wed, 17 May 2006 08:32:56 -0700 (PDT)
Hi again,
Wow. It was late when I wrote this so I'll clarify. :)
I'm doing what's described in the post at:
http://www.cocoabuilder.com/archive/message/cocoa/2002/3/8/64416
In summary:
    if (geteuid() != 0) {
        //authorize, and run yourself again.
    }
    else {
        //if running as root...
        // Set the file path to be SUID root
        // We do this by executing the following commands:
        // chmod 4755 path
        // chown root path
        //
        // The program that invokes us uses the Authorization
        // framework to execute this application as root (at install time).
        int status;
        status = chmod(argv[0], (S_ISUID | S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) );
        status = chown(argv[0], 0, geteuid()); //getgid());
        return NSApplicationMain(argc, argv);
    }
But, the initial test for the gid/uid/euid always
fails to return 0 on subsequent launches, even if the
appropriate bits are set. (Easily confirmed in
Terminal.) I believe strongly that this should be
possible, but as yet have not had much luck.
The app continues to prompt for a password every time.
That would be great if I were writing an installer,
but I'm merely trying to make it so that my app can
repair itself if it needs to.
Thanks again!
--- Brad Peterson <email@hidden> wrote:
> Hi,
>
> I have a tool which can authenticate itself and do a
> chmod/chown on itself. So far, so good, right?
>
> Well, the problem is that I don't seem to be able to
> check for my own suid bit.
>
> This is a tool which (for the moment) is the
> executable inside a bundle. The permissions are:
>
> -rwsr-xr-x 1 root wheel 35088 May 17 00:12 AuthorizationUI
>
> So, clearly, the code which sets the
> permissions/ownership is working. But, when I run
> the
> app from within Finder, it outputs the following
> values (for the corresponding "get" functions):
>
> 501 - euid
> 501 - gid
> 501 - egid
> 501 - ugid
>
> and, worse, it continues to prompt for the admin
> username/password. EyeTV used to do something very
> much like this, so I have reason to believe it's at
> least _possible_.
>
> At first, I thought running the bundle/app from
> within
> Finder was the problem, but even running it from
> Terminal produces the same behavior.
>
> Essentially, the
>
> if (geteuid() != 0) {
>
> test always fails.
>
> I'd be grateful for any suggestions. (Sorry if this
> is
> a bit rambling; it's late for me and I've been
> staring
> at this for a while.)
>
> Thanks!!
>
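A diagnostic for the situation described in this thread (the listing shows `rws` and owner root, yet `geteuid()` returns the caller's uid), added here as an example and not code from the original post. It checks the file's mode and owner and also whether the volume is mounted `nosuid`, in which case the kernel ignores the setuid bit; the names `suid_reasons`, `check_suid_path` and the `SUID_*` flags are hypothetical, and only these four conditions are covered.

```c
/* Added example: report why a file that looks setuid-root may not run as root. */
#include <stdio.h>
#include <sys/stat.h>
#include <sys/statvfs.h>
#include <sys/types.h>

enum {                       /* hypothetical flag names for this example */
    SUID_BIT_MISSING  = 1,   /* S_ISUID is not set in the mode */
    SUID_NOT_ROOT     = 2,   /* owner is not uid 0 */
    SUID_NOSUID_MOUNT = 4,   /* volume mounted nosuid: the bit is ignored */
    SUID_OTHERS_WRITE = 8    /* group/other can overwrite the privileged file */
};

/* Pure decision logic, so it can be exercised without root. */
int suid_reasons(mode_t mode, uid_t owner, unsigned long mnt_flags)
{
    int r = 0;
    if (!(mode & S_ISUID))          r |= SUID_BIT_MISSING;
    if (owner != 0)                 r |= SUID_NOT_ROOT;
    if (mnt_flags & ST_NOSUID)      r |= SUID_NOSUID_MOUNT;
    if (mode & (S_IWGRP | S_IWOTH)) r |= SUID_OTHERS_WRITE;
    return r;
}

/* Returns the reason mask for path, or -1 if it cannot be inspected. */
int check_suid_path(const char *path)
{
    struct stat st;
    struct statvfs vfs;
    if (stat(path, &st) != 0 || statvfs(path, &vfs) != 0)
        return -1;
    return suid_reasons(st.st_mode, st.st_uid, vfs.f_flag);
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : argv[0];
    int r = check_suid_path(path);
    if (r < 0) { perror(path); return 2; }
    if (r & SUID_BIT_MISSING)  puts("setuid bit is not set");
    if (r & SUID_NOT_ROOT)     puts("file is not owned by root");
    if (r & SUID_NOSUID_MOUNT) puts("volume is mounted nosuid");
    if (r & SUID_OTHERS_WRITE) puts("file is writable by group or other");
    if (r == 0) puts("mode, owner and mount flags allow setuid-root execution");
    return r ? 1 : 0;
}
```

Run it with the path of the executable inside the bundle as its argument; an exit status of 0 means none of the four conditions was found.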