Re: State of performing tasks with elevated privileges
- Subject: Re: State of performing tasks with elevated privileges
- From: Sidney San Martín <email@hidden>
- Date: Wed, 11 Mar 2009 14:52:57 -0400
All right, those are fair points. But I forgot to mention that what
also worries me about that method is this paragraph from the
Authorization Services Programming Guide:
"You may be tempted to use the function
AuthorizationExecuteWithPrivileges to perform privileged operations
rather than creating and calling your own setuid tool. Although this
might seem like an easy solution, using the
AuthorizationExecuteWithPrivileges function without the rest of the
Authorization Services functions produces a severe security hole
because the function indiscriminately runs any tool as the root user.
Setuid tools also have security risks, but they are far less severe
than using the function AuthorizationExecuteWithPrivileges for
purposes other than those described in this document. Read “Factored
Applications” for instructions on creating your own helper tool."
I don't completely follow that warning. If I have a factored helper
tool, is it important for it to be setuid root? What, even, is the
advantage of using the complex libraries contained in MoreSecurity and
BetterAuthorizationSample? Do people not use them in the real world?
On Tue, Mar 10, 2009 at 1:45 PM, Nick Zitzmann <email@hidden> wrote:

> On Mar 10, 2009, at 10:39 AM, Sidney San Martín wrote:
>
>> I can make a helper tool that I call with
>> AuthorizationExecuteWithPrivileges. I already have this working, but
>> it's vulnerable to attack (if the helper binary is replaced)
>
> Yes, but the chances of that happening are very, very low unless the
> same user who installed the application also installed some malware that
> intentionally targeted your app. If that's a concern to you, then you
> could check a checksum or some other signature before invoking AEWP().
> But keep in mind that (1) malware of any kind on Mac OS X is very rare
> to nonexistent, and (2) you cannot stop a very determined attacker; you
> can make it more difficult to discourage the less determined, but not
> impossible.
>
>> and apparently has poorly-documented caveats (needing to reap the
>> process when it's done executing, for one, which is something else I've
>> never done).
>
> Well, you don't _need_ to reap the zombies if you don't want to. It'll
> just look strange in Activity Monitor, and will waste a little RAM until
> the parent task exits.
>
> Nick Zitzmann
> <http://www.chronosnet.com/>
_______________________________________________
Cocoa-dev mailing list (email@hidden)