Re: which temp dir to use?
Re: which temp dir to use?
- Subject: Re: which temp dir to use?
- From: Gwynne Raskind <email@hidden>
- Date: Mon, 25 May 2009 19:12:50 -0400
On May 25, 2009, at 6:52 PM, Michael Ash wrote:
The authentication stuff is pertinent, because the AEWP is an example
of an API which works by having an unprivileged user process
communicate with a privileged process that does the work. A technique
which allows you to compromise a process which uses AEWP demonstrates
how this compromise can be done with any such setup, even using a
secure channel (which AEWP does).
It does? Last I checked, AEWP() used a temp file on disk to pass its
AuthorizationRef to the child process. Pipes, anyone?
-- Gwynne, Daughter of the Code
"This whole world is an asylum for the incurable."
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden