Re: which temp dir to use?
Re: which temp dir to use?
- Subject: Re: which temp dir to use?
- From: Michael Ash <email@hidden>
- Date: Mon, 25 May 2009 19:31:12 -0400
On Mon, May 25, 2009 at 7:12 PM, Gwynne Raskind <email@hidden> wrote:
> On May 25, 2009, at 6:52 PM, Michael Ash wrote:
>>
>> The authentication stuff is pertinent, because the AEWP is an example
>> of an API which works by having an unprivileged user process
>> communicate with a privileged process that does the work. A technique
>> which allows you to compromise a process which uses AEWP demonstrates
>> how this compromise can be done with any such setup, even using a
>> secure channel (which AEWP does).
>
> It does? Last I checked, AEWP() used a temp file on disk to pass its
> AuthorizationRef to the child process. Pipes, anyone?
I need fewer assumptions and more fact-checking, apparently.
However, I think this is still "secure", because the AuthorizationRef
is initially generated on the privileged side of things and can't be
faked. (Hey look, more assumptions.) The end result is a secure
channel even if the mechanism to actually transmit the bytes across is
not.
Mike
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden