Re: Using the security framework
- Subject: Re: Using the security framework
- From: Peter N Lewis <email@hidden>
- Date: Wed, 7 Jan 2009 14:36:13 +0900
At 18:50 -0600 3/1/09, Joe Turner wrote:
I am making a hard drive cloner/backuper, and to do some deleting
and copying, I need to use the security framework. What I need to be
able to do is have the user type in their password one time, and
then it would give me system.privilege.admin rights until a time
that they want to unauthorize it (could be days, weeks, months,
years). I have looked through the security framework, but have not
really found how to have one system.privilege.admin authorization,
and have it last a long time. So, if anyone could point me in the
right direction with this, like what methods to use, and what
parameters to use.
One way to do this is to have a second tool that runs as root. You
need to ask for admin permissions the first time to enable suid mode
on the tool, but after that the tool will run as root with full
privileges.
Naturally, this has all the inherent security implications of
any suid root tool, and the tool must now defend against possible
misuse. Some security suggestions include:
* Code sign both your application and your tool and verify both
signatures before applying the suid bit.
* Strictly limit the actions of the tool.
* Ensure requests to the tool are processed only if they come from
your properly signed application.
* Strictly minimize the tool's code to minimize the chance of
security-related bugs.
* Limit the use of external frameworks in the tool to minimize the
chance of security issues.
Enjoy,
Peter.
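
An added example, not part of the original post: one way a suid helper for the cloner could follow the "strictly limit the actions of the tool" suggestion by refusing every request that is not an allowlisted operation on an allowlisted path. The operation names, the /Volumes/ prefix and the function names are hypothetical; verifying the caller's code signature is not shown.

```c
/* Added example; operation names and the /Volumes/ prefix are assumptions. */
#include <string.h>

enum op { OP_INVALID = 0, OP_DELETE, OP_COPY };

/* Allowlist: operation name and the exact number of path arguments. */
static const struct { const char *name; enum op op; int npaths; } OPS[] = {
    { "delete", OP_DELETE, 1 },
    { "copy",   OP_COPY,   2 },
};
#define ALLOWED_PREFIX "/Volumes/"

/* Lexical check only: under the prefix, with no empty, "." or ".."
   components. Symlinks still have to be handled when the file is opened. */
int path_allowed(const char *p)
{
    size_t n = strlen(ALLOWED_PREFIX);
    if (p == NULL || strncmp(p, ALLOWED_PREFIX, n) != 0 || p[n] == '\0')
        return 0;
    for (const char *c = p + n; *c != '\0'; ) {
        size_t len = strcspn(c, "/");
        if (len == 0) return 0;                               /* "//" */
        if (len == 1 && c[0] == '.') return 0;                /* "."  */
        if (len == 2 && c[0] == '.' && c[1] == '.') return 0; /* ".." */
        c += len;
        if (*c == '/') c++;
    }
    return 1;
}

/* Returns the requested operation; anything not on the allowlist is refused. */
enum op parse_request(int argc, char *const argv[])
{
    if (argc < 2) return OP_INVALID;
    for (size_t i = 0; i < sizeof OPS / sizeof OPS[0]; i++) {
        if (strcmp(argv[1], OPS[i].name) != 0) continue;
        if (argc != 2 + OPS[i].npaths) return OP_INVALID;
        for (int k = 2; k < argc; k++)
            if (!path_allowed(argv[k])) return OP_INVALID;
        return OPS[i].op;
    }
    return OP_INVALID;
}

int main(int argc, char *argv[])
{
    /* Exit 1 on refusal; the privileged work would follow an accepted request. */
    return parse_request(argc, argv) == OP_INVALID;
}
```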