State of performing tasks with elevated privileges
- Subject: State of performing tasks with elevated privileges
- From: Sidney San Martín <email@hidden>
- Date: Tue, 10 Mar 2009 12:39:36 -0400
I'm fairly new to Cocoa (new to real desktop programming in general, to
be honest) and am building an app that's going to want occasional
system-level privileges (10.4+). Actually, here's what it needs:

1. To be able to set its preferences system-wide
2. To add itself as a login item for all users
3. To uninstall itself entirely (manually and requiring admin
authorization, or silently self-destructing)
4. To do any of the above without making assumptions about the
logged-in user (admin, regular, network).

After poking around a lot in the documentation and on list archives,
it looked like my best bet would be to create a helper tool to do
anything privileged. Things started to get complicated.

It looks now like I have four options:

I can make a helper tool that I call with
AuthorizationExecuteWithPrivileges. I already have this working, but
it's vulnerable to attack (if the helper binary is replaced) and
apparently has poorly-documented caveats (needing to reap the process
when it's done executing, for one, which is something else I've never
done).

I can make a helper tool that's package-installed as suid root. I
shouldn't have to worry too much about it other than checking with the
parent before doing anything dangerous. Anyone with rights to modify
it already has control over the system. However, this kind of tool
will only run from a permissions-enabled drive and can't be
drag-copied or drag-installed. Not elegant.

The third option looks to be MoreSecurity. Takes care of its own
copying and permissions. But it's very, very old code and I haven't
even gotten the example to compile yet on my Leopard machine.
Something about the many hundreds of lines of C used to solve the
problem makes me uneasy (one of the reasons I'm writing this).

The final option would be BetterAuthorizationSample. It's new.
Wonderful. But it installs a launchd plist, and looking around at my
own systems I see no evidence that any of the applications I use on an
everyday basis work this way. I only find them for apps that really
are running as daemons, and not in the format BAS uses. Also, this
text is in the readme: "if your application needs elevated privileges
for a one-off task (like installing or uninstalling), you should
consider using AuthorizationExecuteWithPrivileges directly." What I'm
doing won't be one-off, but it won't be common either. I also hear the
occasional warning that launchd has serious issues in Tiger. How true
is this?

I'm coming to cocoa-dev looking for some guidance on the real-world,
current way of doing this. What have I missed? What's obsolete, what's
advised against, and what are you all using in production?

Any guidance would be deeply appreciated.
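
The two concerns raised above about the AuthorizationExecuteWithPrivileges option (a replaced helper binary, and reaping the helper when it finishes), shown as an added example in plain POSIX C. It is not part of the original message and does not use Apple's Authorization Services API; the function names and the temporary file standing in for a helper are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical check: 1 if the already-open helper is a regular file owned
 * by expected_owner (0 for a root-installed tool) and not writable by group
 * or others, else 0. fstat() inspects the file that was actually opened. */
int helper_is_untampered(int fd, uid_t expected_owner)
{
    struct stat st;
    if (fstat(fd, &st) != 0) return 0;
    if (!S_ISREG(st.st_mode)) return 0;
    if (st.st_uid != expected_owner) return 0;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) ? 0 : 1;
}

/* Runs path with argv and returns its exit status (-1 on failure or
 * abnormal termination). waitpid() is what reaps the child, so it does
 * not linger as a zombie; the loop retries when a signal interrupts it. */
int run_and_reap(const char *path, char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execv(path, argv);
        _exit(127);                      /* exec failed */
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char tmpl[] = "/tmp/helperXXXXXX";   /* constructed stand-in for a helper */
    char *args[] = { "sh", "-c", "exit 3", NULL };
    int fd = mkstemp(tmpl);
    if (fd < 0) return 1;
    fchmod(fd, 0755);
    printf("mode 0755: %d\n", helper_is_untampered(fd, geteuid()));
    fchmod(fd, 0777);
    printf("mode 0777: %d\n", helper_is_untampered(fd, geteuid()));
    close(fd);
    unlink(tmpl);
    printf("reaped exit status: %d\n", run_and_reap("/bin/sh", args));
    return 0;
}
```

The check binds only to the file behind the descriptor; executing by path afterwards resolves the name again, so the directories leading to the helper must not be writable by other users either.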