Re: Using the security framework


  • Subject: Re: Using the security framework
  • From: Graham Lee <email@hidden>
  • Date: Wed, 7 Jan 2009 10:47:29 +0000

On 07/01/2009 05:36, "Peter N Lewis" <email@hidden> wrote:

> At 18:50 -0600 3/1/09, Joe Turner wrote:
>> I am making a hard drive cloner/backuper, and to do some deleting
>> and copying, I need to use the security framework. What I need to be
>> able to do is have the user type in their password one time, and
>> then it would give me system.privilege.admin rights until a time
>> that they want to unauthorize it (could be days, weeks, months,
>> years). I have looked through the security framework, but have not
>> really found how to have one system.privilege.admin authorization,
>> and have it last a long time. So, if anyone could point me in the
>> right direction with this, like what methods to use, and what
>> parameters to use.
>
> One way to do this is to have a second tool that runs as root.  You
> need to ask for admin permissions the first time to enable suid mode
> on the tool, but after that the tool will run as root with full
> privileges.
>
> Naturally, this has all the inherent security implications of that of
> any suid root tool, and the tool must now defend against possible
> misuse.  Some security suggestions include:
>

To avoid some of the problems with using a setuid tool, you can use launchd
to run the privileged process as root. See the B.A.S. readme:
http://developer.apple.com/samplecode/BetterAuthorizationSample/listing4.html

> * Code sign both your application and your tool and verify both
> signatures before applying the suid bit.
>
> * Strictly limit the actions of the tool.
>
> * Ensure requests to the tool are processed only if they come from
> your properly signed application.
>
> * Strictly minimize the tool's code to minimize the chance of
> security-related bugs.
>
> * Limit the use of external frameworks in the tool to minimize the
> chance of security issues.
>


These are still all good ideas. Another thing to do is to convert the Auth
Services rights structure into an external form, and pass it to the helper -
the helper then only performs privileged operations if it agrees that it has
received the authorisation.

Cheers,
Graham.

--
Graham Lee
Senior Macintosh Software Engineer, Sophos Plc.
+44 1235 540266
http://www.sophos.com/


Sophos Plc, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, United Kingdom.
Company Reg No 2096520. VAT Reg No GB 348 3873 20.
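
The external-form hand-off described in the last paragraph of the message above, as an added example that is not part of the original post or of Apple's BetterAuthorizationSample. The right name `com.example.cloner.copy` and both function names are hypothetical, and the transport that carries the bytes from the application to the helper is left out.

```objc
#import <Foundation/Foundation.h>
#import <Security/Authorization.h>

// Hypothetical right name for this example; a real tool defines its own.
static const char *kCloneRight = "com.example.cloner.copy";

// Application side: acquire the right (prompting the user if necessary) and
// flatten the AuthorizationRef into bytes that can be sent to the helper.
// The caller keeps *outAuth alive until the helper has finished.
static NSData *CopyExternalAuthorization(AuthorizationRef *outAuth) {
    AuthorizationItem item = { kCloneRight, 0, NULL, 0 };
    AuthorizationRights rights = { 1, &item };
    AuthorizationFlags flags = kAuthorizationFlagDefaults |
        kAuthorizationFlagInteractionAllowed | kAuthorizationFlagExtendRights;
    if (AuthorizationCreate(&rights, kAuthorizationEmptyEnvironment, flags,
                            outAuth) != errAuthorizationSuccess)
        return nil;
    AuthorizationExternalForm ext;
    if (AuthorizationMakeExternalForm(*outAuth, &ext) != errAuthorizationSuccess) {
        AuthorizationFree(*outAuth, kAuthorizationFlagDefaults);
        *outAuth = NULL;
        return nil;
    }
    return [NSData dataWithBytes:&ext length:sizeof(ext)];
}

// Helper side: rebuild the authorization from the received bytes and ask the
// security server whether it really carries the right. The helper does not
// trust the caller's word; it performs the privileged operation only if this
// returns YES.
static BOOL HelperIsAuthorized(NSData *received) {
    if ([received length] != sizeof(AuthorizationExternalForm))
        return NO;                       // reject malformed input outright
    AuthorizationExternalForm ext;
    [received getBytes:&ext length:sizeof(ext)];
    AuthorizationRef auth = NULL;
    if (AuthorizationCreateFromExternalForm(&ext, &auth) != errAuthorizationSuccess)
        return NO;
    AuthorizationItem item = { kCloneRight, 0, NULL, 0 };
    AuthorizationRights rights = { 1, &item };
    // No interaction flag: the helper never prompts, it only re-checks what
    // the application already obtained.
    OSStatus status = AuthorizationCopyRights(auth, &rights,
        kAuthorizationEmptyEnvironment,
        kAuthorizationFlagDefaults | kAuthorizationFlagExtendRights, NULL);
    AuthorizationFree(auth, kAuthorizationFlagDefaults);
    return status == errAuthorizationSuccess;
}
```

The helper should run this check for every request it receives, before touching the filesystem, so that a process that merely reaches the helper without a valid authorization gets nothing done.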