Re: How to embed framework in app with setuid helper
Re: How to embed framework in app with setuid helper
- Subject: Re: How to embed framework in app with setuid helper
- From: Chris Suter <email@hidden>
- Date: Sun, 16 Sep 2007 06:15:48 +1000
On 15/09/2007, at 11:53 PM, Bill Cheeseman wrote:
on 2007-09-15 7:42 AM, Finlay Dobbie at email@hidden wrote:
Well, your framework is probably writeable by non-root users, meaning
that someone could go in and replace your framework with some
malicious code, which would then be blindly loaded by your setuid
binary and executed.
Once you understand this, you should understand the solution.
I'm not sure I understand your hint. The embedded framework was indeed
read-write for all. But changing it to read-only for all yields the
same
error.
It's probably that anyone can write to the directory which means
anyone can replace the framework with something else.
You should try and avoid dynamically linking to local frameworks in
your setuid tool if you can help it. If there's something that you
must have, you could try creating a static library and linking to that.
- Chris
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden