Lists

Terms and Conditions
Lists hosted on this site
Email the Postmaster
Tips for posting to public mailing lists

Re: Installer has admin permissions but installer plugins don't

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Installer has admin permissions but installer plugins don't

Subject: Re: Installer has admin permissions but installer plugins don't
From: Kyle Sluder <email@hidden>
Date: Tue, 5 May 2009 04:33:05 -0400

On Tue, May 5, 2009 at 2:11 AM, ERG Consultant <email@hidden> wrote:
> I am fully aware of the security issues having already written several helper tools. Stating that a temp text file written to /tmp is a security hole is really stretching it a bit.

I didn't say it was a security hole.  I said it opened up a class of
security vulnerabilities; you can avoid these by doing things right.
One of the most important things is to make sure your files are
created with permissions that do not allow others to write to those
files.  This is a bit of a problem because PackageMaker sets those
permissions for you based on what you specify in the BOM.

--Kyle Sluder
_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

References:
	>Re: Installer has admin permissions but installer plugins don't (From: ERG Consultant <email@hidden>)

Prev by Date: Core Data: [Fixed] NSPredicate failing when using NSSQLiteStoreType
Next by Date: Re: Custom log file for NSLog
Previous by thread: Re: Installer has admin permissions but installer plugins don't
Next by thread: Re: Modifying NSTableView cell data just prior to invoking field editor
Index(es):
- Date
- Thread