Re: exec() with pmset
Re: exec() with pmset
- Subject: Re: exec() with pmset
- From: "stephen joseph butler" <email@hidden>
- Date: Wed, 31 Oct 2007 23:29:24 -0500
On 10/31/07, Andrew James <email@hidden> wrote:
> Hi,
> I am really not sure which list to post this to, but this list always seems
> to help.
>
> For some reason i can not make pmset work in my "authtool" which has a
> setuid to have root privs,
Beyond your problems with execl, here are a couple ideas (good for at
least 10.4... don't know about 10.5):
a) Make sure you read and understand
<http://developer.apple.com/documentation/Security/Conceptual/authorization_concepts/03authtasks/chapter_3_section_3.html#//apple_ref/doc/uid/TP30000995-CH206-BCIGAIAG>
b) Are you using AuthorizationExecuteWithPrivileges to launch your
executable? GO BACK TO (a), you're doing it wrong.
AuthorizationExecuteWithPrivileges is good for one thing only, and
that's to fix the set-uid-bit on the file.
c) Now that you understand everything, take a look at MoreIsBetter,
particularly MoreSecurity
<http://developer.apple.com/samplecode/MoreIsBetter/listing193.html>.
It's a library to help you write secure and well behaved helper apps.
Hint: you don't need to get all of MoreIsBetter to compile. Just
import MoreSecurity, MoreUNIX, and MoreCFQ (I usually have them in a
separate target, as a static library).
d) Your original problem (beyond execl) could be that you need to call
seteuid( 0 ). If you're using MoreSecurity, this is wrapped up in
MoreSecSetPrivilegedEUID().
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden