Re: Using the security framework
Re: Using the security framework
- Subject: Re: Using the security framework
- From: Joe Turner <email@hidden>
- Date: Sat, 24 Jan 2009 13:31:48 -0600
I think I figured out how SD does it:
When you unlock SD!, it calls AEWP() on SDAgent. Then, SDAgent calls
setuid(0) to make itself root. With it as root, when it calls SDCopy,
or SDDiskTool, it calls it with AEWP, and since it's root, it doesn't
need the user's password to do this!
This is just my guess. But it sounds fairly right :)
Cheers,
Joe Turner
On Jan 24, 2009, at 6:47 AM, Michael Ash wrote:
On Fri, Jan 23, 2009 at 10:59 PM, Joe Turner <email@hidden> wrote:
Okay, so, it seems everyone was right :) I went to cocoabuilder to
find some
of the responses to this, that I never got.
Anyways, it seems I can just call AEWP() once, and it should stay
suid.
So, my last question to everyone is, how do I know if the tool is
suid. I
mean, I could implement some sort of lock-unlock thing, and then I
would be
pretty sure, but is there anyway to know for sure?
And, is there a way to take SUID away from it? So, if I want to
lock it, it
would work.
"man 2 stat" to check the bit, "man 2 chmod" to set it.
Mike
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden