Re: Allow only root/admin users to execute the cocoa app
- Subject: Re: Allow only root/admin users to execute the cocoa app
- From: Jean-Daniel Dupas <email@hidden>
- Date: Mon, 25 Jan 2010 10:43:42 +0100
On 25 Jan 2010, at 07:47, vincent habchi wrote:
> On 24 Jan 2010, at 22:31, Todd Heberlein wrote:
>
>>> I want to allow my cocoa app to be only launched by root/admin users.
>>> How can I achieve this?
>>
>> As I think has already been mentioned, the UNIX approach is to set the application's owner as root and then make it only executable by the owner. However, Apple largely discourages programmers from developing Cocoa apps that will be run with root privileges.
>
> I know that, but, up to this point, I have failed to find any reasonable reason ;) that could justify this point of view, especially since it is always possible to drop root privileges at whatever point, just like postfix or named do. I don't see why being root is permissible for CLI apps and not for GUI ones.
FWIW, from AppKit release notes:
-------
setuid/setgid apps disallowed
As a security measure, SnowLeopard takes steps to prevent applications that use AppKit from running setuid or setgid. If AppKit detects that it is running issetugid(), the following will happen:
Under 64 bit, it will log a message and then exit(EXIT_FAILURE).
Under 32 bit, it will give the user a chance to authenticate as an administrator. If the attempt succeeds, the app will run as normal; if the user fails to authenticate, or cancels, it will exit(EXIT_FAILURE). If the attempt fails because the authentication dialog could not be shown, then it will perform a linked on or after check. Apps linked before SnowLeopard will be allowed to run; applications linked on or after SnowLeopard will be exited.
This only affects applications that have the setuid or setgid Unix permission bit set, or apps that inherit this bit from a fork() of a setugid app. This does not affect applications run via sudo, su, or normally as root.
-------
So unless you think you know better than Apple what you're doing, never run a GUI application with privileges. Gwynne's answer gives you some reasons why this is bad.
-- Jean-Daniel