Re: Application rights.
Re: Application rights.
- Subject: Re: Application rights.
- From: "Sherm Pendley" <email@hidden>
- Date: Thu, 22 May 2008 14:59:57 -0400
On Thu, May 22, 2008 at 2:16 PM, Jerry Krinock <email@hidden> wrote:
>
> On 2008 May, 22, at 9:46, Sherm Pendley wrote:
>
> Apple provides an Objective-C interface. It lacks an
>> AuthorizationExecuteWithPrivileges() method, but I think that Apple
>> omitted
>> that deliberately.
>>
>
> Yes, I believe the idea is that you need to make a tool as in
> BetterAuthorizationSample to do that.
I don't think that kind of factoring - although certainly the correct thing
to do - is the reason Apple chose not to include an AEWP method in the
Objective-C version of the API. The lack of such a method doesn't have any
significant effect, positive or negative, on one's ability to factor one's
app. One could just as easily call the C function from a non-factored app,
after all, or call the method (if there were one) from a helper tool.
I think the intent is to make it more difficult to subvert a helper tool
that's written in Objective-C. The runtime allows many ways to intercept and
modify method calls, which could easily result in an AEWP method call in the
helper tool being used for nefarious purposes. (For instance, you could
modify the path string the tool sends as an argument to chmod, resulting in
the helper tool "repairing" the suid bit on something other than itself.)
This kind of attack is possible for a C function too, of course. The issue
here is that the Objective-C runtime makes it much, much simpler to do this
kind of code injection. Both PyObjC and F-Script, for instance, can use this
capability to inject a script interpreter into an app that wasn't born with
one, even while the app is running.
Sometimes I think I should have specialized in security - I'm all the time
thinking of worst-case scenarios like this one. :-)
sherm--
--
Cocoa programming in Perl: http://camelbones.sourceforge.net
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden