Re: Security - Write to protected directory
Re: Security - Write to protected directory
- Subject: Re: Security - Write to protected directory
- From: "Michael Ash" <email@hidden>
- Date: Fri, 3 Oct 2008 10:39:17 -0400
On Fri, Oct 3, 2008 at 12:46 AM, Kelly Graus <email@hidden> wrote:
>
> On Oct 2, 2008, at 6:23 PM, Nick Zitzmann wrote:
>
>>
>> On Oct 2, 2008, at 1:30 PM, Kelly Graus wrote:
>>
>>> Is the only way to allow a user to write to a protected location use the
>>> AuthorizationExecuteWithPrivileges function?
>>
>> Yes. AEWP() is most certainly not deprecated.
>
> Ok, I will look into using that.
>
>>
>>
>>> If so, is there a way to tell when the application has quit, and get the
>>> exit code?
>>
>> Yes. (Hint: Look at the man page for the wait() function.)
>
> I looked at the wait function, I just couldn't figure out how to get the pid
> of the started application. Is there a way to get the pid without
> cooperation of the started application (ie, some sort of IPC between the two
> applications). I'm very new coding for OS X (and Unix based systems in
> general), so any details would be very appreciated!
Nope! AEWP is a rather broken API in more ways than one. One of the
ways that it's broken is that it is *impossible* to correctly use it
without a subprocess which will cooperate with you. The reason for
this is that you *must* use wait4 or waitpid to reap the zombie that
will be created when the subprocess terminates, but AEWP provides *no*
way to get the pid. (You cannot use wait or wait3 because those could
end up inadvertently reaping a child process spawned by a library
you're using.) So your subprocess must have a way to communicate its
pid back to the parent, and do so very early before it does anything
that could make it crash or otherwise terminate.
Correct use of AEWP is extremely weird and un-fun. I definitely
recommend finding some of Apple's sample code on the subject, and then
adapting it to do what you need, rather than trying to figure out how
to use it on your own. In particular, the BetterAuthorizationSample,
while probably not doing what you need, is full of useful commentary
on how it works and how it gets around the various problems with the
AEWP API:
http://developer.apple.com/samplecode/BetterAuthorizationSample/index.html
Mike
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden