Running a setuid script from an NSTask
Running a setuid script from an NSTask
- Subject: Running a setuid script from an NSTask
- From: Richard Laing <email@hidden>
- Date: Tue, 24 Apr 2007 22:20:51 +1200
I have been scratching my head for the last few days trying to work
out how to execute a shell script from an NSTask. Running a script is
easy, I can create the task, fork and exec as required setting up the
pipes etc. to feed data back to the GUI. The complication is that the
script needs to be run as root...
My basic approach has been to authorise using the security framework
in the GUI, create an NSTask to run a setuid helper application
(which confirms the authorisation as the factoring examples), I then
try and fork and exec the script. The script refuses to get the
setuid privileges and therefore fails. I have had a look into this
and I believe it is because when you exec a shell command it discards
the setuid values. I believe it must be possible to make it work -
that's essentially what sudo does but can anyone explain how or point
me at an example. I don't really want to re-write sudo!
If the worst comes to the worst I can use sudo and ask the user for
the password and pipe it to the script but I feel this isn't as
secure as using the authorisation framework and would prefer to 'do
it right'. Any thoughts or comments?
Thanks
Richard Laing
-------------------
Web: http://alittledrop.com
Google Talk: email@hidden
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden