Lists

Terms and Conditions
Lists hosted on this site
Email the Postmaster
Tips for posting to public mailing lists

Re: Using the security framework

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Using the security framework

Subject: Re: Using the security framework
From: Joe Turner <email@hidden>
Date: Fri, 23 Jan 2009 21:59:17 -0600

Okay, so, it seems everyone was right :) I went to cocoabuilder to find some of the responses to this, that I never got.

Anyways, it seems I can just call AEWP() once, and it should stay suid.

So, my last question to everyone is, how do I know if the tool is suid. I mean, I could implement some sort of lock-unlock thing, and then I would be pretty sure, but is there anyway to know for sure?

And, is there a way to take SUID away from it? So, if I want to lock it, it would work.

Thanks everyone!

Cheers,

Joe Turner
On Jan 22, 2009, at 4:57 PM, Nick Zitzmann wrote:

On Jan 22, 2009, at 4:09 PM, Joe Turner wrote:
I see. Then, how would you suggest to create a cloner/deleter, if it needs root privileges, but cannot use the security framework?
I didn't say you couldn't use the security framework. I said you ought to consider re-thinking your strategy.

And, since running scripts from root is dangerous, then is there any good way to be able to delete protected (not your user account) files? Or, should I just have it copy or delete files the user has access to?
There's nothing wrong with running scripts strictly as root, since a lot of system scripts are run this way. But AEWP() doesn't run executables as root; it runs them as the user with root privileges. There's an important difference.

Instead of running a shell script, run another non-GUI command line tool of your making with AEWP() that does the required privileged task(s). Running shell code with root privileges as some user is possible, but it's an easy attack vector due to the inheritance of the user's shell environment. Running a command line tool is a bit more difficult to hack (but still possible if someone is determined enough). Plus, then you can use NSFileManager. :)

You could even take security to the extreme, as I once did in an application, and check signatures before calling AEWP(), but that's probably too extreme, as it's unlikely someone will rewrite or replace your executable unless the file system gave them permission to do so.
Nick Zitzmann
<http://www.chronosnet.com/>


_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden


Follow-Ups:

Re: Using the security framework
From: Michael Ash <email@hidden>


References:  
  >Using the security framework (From: Joe Turner <email@hidden>)
  >Re: Using the security framework (From: Nick Zitzmann <email@hidden>)
  >Re: Using the security framework (From: Joe Turner <email@hidden>)
  >Re: Using the security framework (From: Nick Zitzmann <email@hidden>)
  >Re: Using the security framework (From: Joe Turner <email@hidden>)
  >Re: Using the security framework (From: Nick Zitzmann <email@hidden>)




Prev by Date:
Re: Questions about the Pantomime framework

Next by Date:
Re: NSCaledarDate's deprecation

Previous by thread:
Re: Using the security framework

Next by thread:
Re: Using the security framework

Index(es):

Date
Thread