Re: Get root privileges with NSTask
Re: Get root privileges with NSTask
- Subject: Re: Get root privileges with NSTask
- From: "Clark Cox" <email@hidden>
- Date: Tue, 25 Mar 2008 07:55:28 -0700
You don't seem to be listening. You were given the correct answer: use
AuthorizationServices:
Please read, and understand, this page:
<http://developer.apple.com/documentation/Security/Conceptual/authorization_concepts/01introduction/chapter_1_section_1.html>
On Tue, Mar 25, 2008 at 7:47 AM, Mr. Gecko <email@hidden> wrote:
> I guess I will use applescript for this task
>
>
> On Mar 25, 2008, at 8:19 AM, Jean-Daniel Dupas wrote:
>
> >
> > If you didn't find anything useful in the Chris Hanson post and in
> > the link it provides, I'm not sure we can give you more help.
> >
> > NSTask cannot launch an executable with more privilege than your
> > current task (except if it launches a setuid tool), and previous
> > responses already give you everything you have to now to perform a
> > privileged operation.
> >
> >
> > Le 25 mars 08 à 13:47, Mr. Gecko a écrit :
> >
> >> I looked around there and found nothing useful.
> >> Here is my code that I am tying to get root privileges with.
> >> NSTask* download = [[NSTask alloc] init];
> >> [download setLaunchPath:@"/usr/bin/curl"];
> >> [download setCurrentDirectoryPath:@"/"];
> >> [download setArguments: [NSArray arrayWithObjects:@"-O",@"http://www.imagemagick.org/download/binaries/ImageMagick-universal-apple-darwin8.11.0.tar.gz
> >> ", nil]];
> >> [download launch];
> >> [download waitUntilExit];
> >> NSTask* uncompress = [[NSTask alloc] init];
> >> [uncompress setLaunchPath:@"/usr/bin/gnutar"];
> >> [uncompress setCurrentDirectoryPath:@"/"];
> >> [uncompress setArguments: [NSArray arrayWithObjects:@"-
> >> xzf",@"ImageMagick-universal-apple-darwin8.11.0.tar.gz", nil]];
> >> [uncompress launch];
> >> [uncompress waitUntilExit];
> >> NSTask* delete = [[NSTask alloc] init];
> >> [delete setLaunchPath:@"/bin/rm"];
> >> [delete setCurrentDirectoryPath:@"/"];
> >> [delete setArguments: [NSArray arrayWithObjects:@"ImageMagick-
> >> universal-apple-darwin8.11.0.tar.gz", nil]];
> >> [delete launch];
> >> [delete waitUntilExit];
> >> On Mar 24, 2008, at 10:18 PM, Michael Watson wrote:
> >>
> >>> Search the list. This comes up often.
> >>>
> >>> <http://search.lists.apple.com/?q=root+privileges&cmd=Search!&ul=cocoa-dev
> >>> >
> >>>
> >>> When I say "it comes up often", I mean "this gets asked so often
> >>> that it actually was talked about yesterday". Chris Hanson posted
> >>> this:
> >>>
> >>>> (1) Use Authorization Services to create an authorization
> >>>> reference for the right to unload your daemon.
> >>>> (2) Use NSTask to run a setuid-root helper tool you've written
> >>>> that can only unload your daemon.
> >>>> (3) Pass the externalized form of the authorization reference
> >>>> from #1 over a pipe to the task in #2.
> >>>> (4) Verify in the task from #2 that the authorization reference
> >>>> actually confers the appropriate right.
> >>>> (5) Unload the daemon.
> >>>>
> >>>> If the setuid helper tool isn't setuid-root,
> >>>> AuthorizationExecuteWithPrivilegs should be used to fix that from
> >>>> within the tool itself -- in other words, the helper tool should
> >>>> be self-repairing.
> >>>>
> >>>> THis is all described in "Performing Privileged Operations With
> >>>> Authorization Services" at <http://developer.apple.com/documentation/Security/Conceptual/authorization_concepts/01introduction/chapter_1_section_1.html
> >>>> >. Everyone who wants to perform privileged operations MUST read
> >>>> and understand this document completely before attempting to
> >>>> write code to do so, to preserve the security of their users'
> >>>> systems.
> >>>
> >>>
> >>>
> >>> --
> >>> m-s
> >>>
> >>> On 24 Mar, 2008, at 23:07, Mr. Gecko wrote:
> >>>> Hello I am needing to get root privileges with NSTask so my
> >>>> program can install some items that will get downloaded from the
> >>>> internet with curl is that possible I know I can do that with
> >>>> applescript.
> >>>>
> >>>> Thanks for tips/help,
> >>>> Mr. Gecko
> >>>> _______________________________________________
> >>>>
> >>>> Cocoa-dev mailing list (email@hidden)
> >>>>
> >>>> Please do not post admin requests or moderator comments to the
> >>>> list.
> >>>> Contact the moderators at cocoa-dev-admins(at)lists.apple.com
> >>>>
> >>>> Help/Unsubscribe/Update your Subscription:
> >>>>
> >>>> This email sent to email@hidden
> >>>
> >>
> >> _______________________________________________
> >>
> >> Cocoa-dev mailing list (email@hidden)
> >>
> >> Please do not post admin requests or moderator comments to the list.
> >> Contact the moderators at cocoa-dev-admins(at)lists.apple.com
> >>
> >> Help/Unsubscribe/Update your Subscription:
> >>
> >> This email sent to email@hidden
> >>
> >
>
> _______________________________________________
>
> Cocoa-dev mailing list (email@hidden)
>
> Please do not post admin requests or moderator comments to the list.
> Contact the moderators at cocoa-dev-admins(at)lists.apple.com
>
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
>
--
Clark S. Cox III
email@hidden
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden