Re: Running a setuid script from an NSTask
Re: Running a setuid script from an NSTask
- Subject: Re: Running a setuid script from an NSTask
- From: Sherm Pendley <email@hidden>
- Date: Tue, 24 Apr 2007 07:11:32 -0400
On Apr 24, 2007, at 6:20 AM, Richard Laing wrote:
I have been scratching my head for the last few days trying to work
out how to execute a shell script from an NSTask. Running a script
is easy, I can create the task, fork and exec as required setting
up the pipes etc. to feed data back to the GUI. The complication is
that the script needs to be run as root...
My basic approach has been to authorise using the security
framework in the GUI, create an NSTask to run a setuid helper
application (which confirms the authorisation as the factoring
examples), I then try and fork and exec the script. The script
refuses to get the setuid privileges and therefore fails. I have
had a look into this and I believe it is because when you exec a
shell command it discards the setuid values.
Exactly so - suid scripts are insecure, so the Darwin kernel stopped
allowing them as of 10.3.9. You'll need to either create a suid
binary "wrapper" that execs the script, or authorize every time the
script runs.
For a brief overview of the many dangers of suid scripts (on systems
that allow them), have a look at:
<http://www.samag.com/documents/s=1149/sam0106a/0106a.htm>
sherm--
Web Hosting by West Virginians, for West Virginians: http://wv-www.net
Cocoa programming in Perl: http://camelbones.sourceforge.net
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden