Re: State of performing tasks with elevated privileges
- Subject: Re: State of performing tasks with elevated privileges
- From: Michael Ash <email@hidden>
- Date: Wed, 11 Mar 2009 21:22:59 -0400

On Wed, Mar 11, 2009 at 3:22 PM, Nick Zitzmann <email@hidden> wrote:
> What it's saying is AEWP() will run pretty much anything you tell it to run.
> That is not always a good thing, because the secure tool can be swapped by
> some malware, which would cause AEWP() to run the wrong tool. This is one of
> the few cases where running a tool as setuid root actually makes sense,
> since the tool can't be swiped without permission. There used to be problems
> with this, but they were resolved a long time ago.

Of course, you still have to call AEWP to make it suid root, and
things can be taken over at that time. Using a suid root tool reduces
your exposure to AEWP, but doesn't eliminate it.

Overall, the way I see it, trying to use AEWP safely is like
installing triple locks on the door to a house with no walls. There
are *so* many ways a piece of evil software can gain root privileges
without exploiting a race condition in some other program's use of
AEWP. Not to mention, root is overrated anyway: all root does is allow
the evil process to fiddle with system files that nobody really cares
about. Deleting the user's documents and swiping their credit card
numbers can be done without any elevated privileges at all.

Mike
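
Added example, not part of either message and not code from Apple or the posters: a POSIX pre-flight check for the swap risk discussed in this thread, which refuses a helper tool unless the file and every directory above it can only be modified by root or one trusted uid. The names `entry_ok` and `tool_path_ok`, the trusted-uid parameter and the tolerance for sticky directories are assumptions made for this illustration.

```c
/* Added example: pre-flight check for a privileged helper tool's path. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* One path component passes if root or `trusted` owns it and no other user
 * can write to it. A sticky directory such as /tmp is tolerated because its
 * entries can only be renamed or removed by their owners. lstat() is used so
 * a symlink is rejected rather than followed. */
static int entry_ok(const char *path, uid_t trusted, int is_leaf)
{
    struct stat st;
    if (lstat(path, &st) != 0) return 0;
    if (is_leaf ? !S_ISREG(st.st_mode) : !S_ISDIR(st.st_mode)) return 0;
    if (st.st_uid != 0 && st.st_uid != trusted) return 0;
    if ((st.st_mode & (S_IWGRP | S_IWOTH)) &&
        (is_leaf || !(st.st_mode & S_ISVTX))) return 0;
    return 1;
}

/* Returns 1 only if `path` (absolute, symlinks already resolved, e.g. with
 * realpath()) and every directory above it pass entry_ok(). */
int tool_path_ok(const char *path, uid_t trusted)
{
    char buf[PATH_MAX];
    if (path[0] != '/' || strlen(path) >= sizeof buf) return 0;
    strcpy(buf, path);
    if (!entry_ok(buf, trusted, 1)) return 0;
    for (;;) {
        char *slash = strrchr(buf, '/');
        if (slash == buf) return entry_ok("/", trusted, 0);
        *slash = '\0';                     /* step up to the parent directory */
        if (!entry_ok(buf, trusted, 0)) return 0;
    }
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s /abs/path/to/tool\n", argv[0]); return 2; }
    int ok = tool_path_ok(argv[1], 0);     /* trust root only */
    printf("%s: %s\n", argv[1], ok ? "ok" : "rejected");
    return ok ? 0 : 1;
}
```

A passing result describes the path only at the moment of the check; the window between the check and the privileged launch stays open, so this narrows the exposure without closing it.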