Re: Run a process as root (asking only one time the root password)
Re: Run a process as root (asking only one time the root password)
- Subject: Re: Run a process as root (asking only one time the root password)
- From: Oleg Kibirev <email@hidden>
- Date: Thu, 21 Jun 2007 14:47:26 -0700
On Jun 21, 2007, at 7:57 AM, Hell's KItchen Hell's KItchen wrote:
Hello guys,
I need to execute a command-line process as root. I've tried using
NSTask and BLAuthentication class (Security Framework). Everything
works fine but each new start of the program will require again that
password. So my question... is possible to authenticate only one time
the app and mantain that privileges between multiple sessions?
I've discovered some infos about setuid. Is it the right solution? How
can I use it?
It is technically a possibility but, if you "just discovered it",
your program will most probably allow everyone with an account on a
given machine to obtain root access and access everyone else's files.
For example, someone could quickly replace some temporary file that
you application or Cocoa framework is using to be a symbolic link to /
etc/passwd. It's better to stick with current limitations so that at
least security can not be compromised without the user explicitly
running your program and asking for password. The safest option to
achieve what you want is a daemon, but you need to first research the
topics of buffer overflow, temporary file safety and local access
validation.
Oleg
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden