Re: A problematic combination of malloc and getCharacters.
Re: A problematic combination of malloc and getCharacters.
- Subject: Re: A problematic combination of malloc and getCharacters.
- From: John Stiles <email@hidden>
- Date: Wed, 24 Oct 2007 16:46:45 -0700
Hasn't it largely been established that it's a security hole to launch a
shell with elevated priveleges?
I believe an attacker can easily replace various unprotected .files to
alias one command to another command, and suddenly transform your
innocuous shell command into whatever they want.
Shawn Erickson wrote:
On 10/24/07, deepak gopal <email@hidden> wrote:
Hi
The method performChange would run a script which would modify a plist.
Try...
- (BOOL)performChange {
NSString* shell = @"/bin/sh";
const char* plistArgs[3];
plistArgs[0] = [copyPlistScript_ UTF8String];
plistArgs[1] = [garage_ fileSystemRepresentation];
plistArgs[2] = NULL;
OSStatus status = AuthorizationExecuteWithPrivileges(authRef_,
[shell UTF8String], 0, &plistArgs, NULL);
if ((status == errAuthorizationCanceled) || (status !=
errAuthorizationSuccess)) {
NSLog(@"Desktop Break Change: Authorization failed when installing
new configuration plists.");
return NO;
}
}
...written in gmail and from memory ... no idea if it compiles.
-Shawn
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden