Re: Running Shell Script from Cocoa Application
Re: Running Shell Script from Cocoa Application
- Subject: Re: Running Shell Script from Cocoa Application
- From: deepak gopal <email@hidden>
- Date: Mon, 8 Oct 2007 23:11:54 +0530 (IST)
Thanks Glenn, this is very useful info.
----- Original Message ----
From: glenn andreas <email@hidden>
To: deepak gopal <email@hidden>
Cc: Cocoa Developers <email@hidden>
Sent: Monday, 8 October, 2007 9:37:41 AM
Subject: Re: Running Shell Script from Cocoa Application
On Oct 8, 2007, at 11:04 AM, deepak gopal wrote:
> Hi
>
> This is how I Run my Shell Scripts. This should help.
>
> 2. Run the script:
> char *args[2];
> NSString *launchTool = @"/bin/sh";
>
> args[0] = (char *)[ShellScript fileSystemRepresentation];
> args[1] = NULL;
>
> NSLog (@"args[1] = %s", args[1]);
>
> OSStatus status =
> AuthorizationExecuteWithPrivileges(authRef_, [launchTool
> UTF8String], 0,
> args, NULL);
>
> if (status == errAuthorizationCanceled) {
> NSLog (@"Canceled error");
> } else if (status != errAuthorizationSuccess) {
> NSLog (@"Failure error");
> }
>
Note that there are security risks when running shell scripts in a
privileged context. From <http://www.faqs.org/faqs/unix-faq/faq/
part4/section-7.html>:
Now that we have made sure the right file gets interpreted, are
there any risks left?
Certainly! For shell scripts you must not forget to set the PATH
variable to a safe path explicitly. Can you figure out why?
Also there is the IFS variable that might cause trouble if not
set properly. Other environment variables might turn out to
compromise security as well, e.g. SHELL... Furthermore you must
make sure the commands in the script do not allow interactive
shell escapes! Then there is the umask which may have been set
to something strange...
Etcetera. You should realise that a setuid script `inherits' all
the bugs and security risks of the commands that it calls!
All in all we get the impression setuid shell scripts are quite a
risky business! You may be better off writing a C program
instead!
Things like helper tools and like should be as absolutely small as
possible, with the least possibility for exploitation. Don't have
the tool link in a whole bunch of high level libraries (ideally, it
shouldn't use anything above libc - I'd be hesitant to even use
Objective-C, and certainly nothing like AppKit), don't allow for
arbitrary parameters, don't embed some sort of interpreter with the
ability to access other subsystems, etc... Using /bin/sh as that tool
is one of the worse possible examples of such practice.
Glenn Andreas email@hidden
<http://www..gandreas.com/> wicked fun!
quadrium | flame : flame fractals & strange attractors : build,
mutate, evolve, animate
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
Bring your gang together - do your thing. Go to http://in.promos.yahoo.com/groups
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden