Re: Privilege elevation of a cocoa app
Re: Privilege elevation of a cocoa app
- Subject: Re: Privilege elevation of a cocoa app
- From: Todd Heberlein <email@hidden>
- Date: Thu, 21 May 2009 09:55:24 -0700
Is there any way in which i can elevate the privilege of the binary
after
authentication.
Look at the BetterAuthorizationSample code and documentation at
http://developer.apple.com/referencelibrary/Security/idxAuthorization-date.html
Basically you put your privileged code in a non-GUI application (e.g.,
a BSD shell application) called "HelperTool" in the
BetterAuthorizationSample (BAS). One of the reasons for this is you
don't want to incorporate a huge amount of GUI and other library code
that might have bugs (my apologizes to Apple engineers) into a
privileged process. Also, you usually have only a very small amount of
code in the HelperTool that needs to run with privileges, so it is
easier to check for your own bugs. The HelperTool is then started by
launchd, which can launch it with an elevated privileges. The BAS
library code provides some APIs to pass arguments to, and receive data
back from the HelperTool.
For example, I use HelperTool to open a specific file that require
root access, and then I pass the file descriptor back to my Cocoa
application.
Still, it took me a little while to figure out how to integrate the
BAS code into my own -- there are quite a few steps you need to follow.
Todd
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden