Re: Privilege elevation of a cocoa app
Re: Privilege elevation of a cocoa app
- Subject: Re: Privilege elevation of a cocoa app
- From: Michael Ash <email@hidden>
- Date: Thu, 21 May 2009 11:54:36 -0400
On Thu, May 21, 2009 at 5:49 AM, Arun <email@hidden> wrote:
> Hi All,
>
> I have an application which when launched asks for user to authenticate for
> admin rights.
> After user authenticates the app is launched. I thought after authentication
> the Application executes with admin privilages. But is is still executing in
> user privilages only.
> Is there any way in which i can elevate the privilege of the binary after
> authentication.
No. It is a fundamental design feature of UNIX that a process's
privileges can only decrease, never increase.
What Authorization Services allows you to do is run a *new* process
with elevated privileges.
This stuff is extremely complex and you can't just blunder around in
it hoping to find the right magic combination. Read through Apple's
sample code extensively, and borrow from it as much as you possibly
can:
http://developer.apple.com/samplecode/Security/idxAuthorization-date.html
Yes, that sample code is all extremely difficult and complex, but
that's because you've picked a task which is extremely difficult and
complex.
Mike
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden