Re: Installer has admin permissions but installer plugins don't
Re: Installer has admin permissions but installer plugins don't
- Subject: Re: Installer has admin permissions but installer plugins don't
- From: ERG Consultant <email@hidden>
- Date: Mon, 4 May 2009 23:11:14 -0700 (PDT)
I am fully aware of the security issues having already written several helper tools. Stating that a temp text file written to /tmp is a security hole is really stretching it a bit.
NSTemporaryDirectory can't be used because there is no way to specify that path in Packagemaker. I did indeed end up installing a file into tmp and then having my plugin move it.
Sent from my iPod
On May 4, 2009, at 2:05 PM, Kyle Sluder <email@hidden> wrote:
On Sat, May 2, 2009 at 5:07 PM, Fritz Anderson <email@hidden> wrote:
For most purposes, it's enough for the plugin to write what it has learned
into /tmp, for one of the scripts to act on.
Do not use /tmp. Use NSTemporaryDirectory, which on Leopard is a
user-specific directory. Using /tmp opens up a class of security
vulnerabilities that might allow code execution in another user's
context.
Also, be very careful if you're trying to use temporary files to pass
data from a non-privileged to a privileged process. You might
introduce a race condition under which a malicious application could
escalate its privileges by overwriting the contents of the temporary
file between the non-privileged write and the privileged read.
--Kyle Sluder
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden