Re: Confused about AuthorizationExecuteWithPrivileges and suid
Re: Confused about AuthorizationExecuteWithPrivileges and suid
- Subject: Re: Confused about AuthorizationExecuteWithPrivileges and suid
- From: "Stephen J. Butler" <email@hidden>
- Date: Wed, 11 Jun 2008 21:05:16 -0500
On Wed, Jun 11, 2008 at 8:49 PM, Jason Coco <email@hidden> wrote:
> The documentation is talking about using AuthorizationExecuteWithPrivleges()
> to repair a setuid tool that you may have already created. It is also
> suggesting that you use the setuid tool method rather than using
> AuthorizationExecuteWithPrivleges(). In this way, the setuid tool can limit
> itself to only doing a specific task. It can also ensure that its caller is
> authorized to call it and abort in any other circumstance.
Also, if you avoid AuthorizationExecuteWithPrivleges() and do things
the recommended way, then administrators can edit /etc/authorization
and allow access to your tool w/o prompting the user. People who get
lazy and use AuthorizationExecuteWithPrivleges() all the time make
that impossible.
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden