• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: How to embed framework in app with setuid helper
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How to embed framework in app with setuid helper

  • Subject: Re: How to embed framework in app with setuid helper
  • From: "Finlay Dobbie" <email@hidden>
  • Date: Sat, 15 Sep 2007 12:42:15 +0100
Well, your framework is probably writeable by non-root users, meaning
that someone could go in and replace your framework with some
malicious code, which would then be blindly loaded by your setuid
binary and executed.

Once you understand this, you should understand the solution.

 -- Finlay


On 15/09/2007, Bill Cheeseman <email@hidden> wrote:
> My app has always included my embedded framework using @executablepath, per
> the documentation on embedding frameworks, and it has always worked fine.
>
> Now I've added a setuid authorization helper tool in my application
> package's Resources folder. When I try to run my app, I get these error
> messages in the console.:
>
> "dyld: Library not loaded: @executablepath<path to my embedded framework>"
>
>    "Referenced from: <path to my app executable>"
>
>    "Reason: unsafe use of @executablepath in <path to my app executable>
> with setuid binary"
>
>    "... Exited abnormally: Trace/BPT trap"
>
> What can I do about this? Must I copy my setuid helper into the user's
> Application Support folder as per Apple's MoreAuthSample sample code?
>
> --
>
> Bill Cheeseman - email@hidden
> Quechee Software, Quechee, Vermont, USA
> www.quecheesoftware.com
>
> PreFab Software - www.prefabsoftware.com
>
>
> _______________________________________________
>
> Cocoa-dev mailing list (email@hidden)
>
> Please do not post admin requests or moderator comments to the list.
> Contact the moderators at cocoa-dev-admins(at)lists.apple.com
>
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
>
_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: How to embed framework in app with setuid helper
      • From: Bill Cheeseman <email@hidden>
References: 
 >How to embed framework in app with setuid helper (From: Bill Cheeseman <email@hidden>)

  • Prev by Date: How to embed framework in app with setuid helper
  • Next by Date: Re: [NSKeyedUnarchiver decodeObjectForKey:] bug during call to [NSDocumentController openUntitledDocumentAndDisplay: error:]
  • Previous by thread: How to embed framework in app with setuid helper
  • Next by thread: Re: How to embed framework in app with setuid helper
  • Index(es):
    • Date
    • Thread