Re: Allow only root/admin users to execute the cocoa app
Re: Allow only root/admin users to execute the cocoa app
- Subject: Re: Allow only root/admin users to execute the cocoa app
- From: vincent habchi <email@hidden>
- Date: Mon, 25 Jan 2010 12:07:12 +0100
Le 25 janv. 2010 à 11:56, Uli Kusterer a écrit :
> At WWDC I was told that Apple don't test AppKit against root (or at least, not much). Since the idea is to limit the time applications run as root for security reasons, there is no high priority find and fix such issues in AppKit. This means Apple can focus more of its developers on hardening the command-line part against root exploits.
>
> There have been issues like this in the past. For example, for a while, loginwindow used to load QuickTime components, which would then get loaded as root. A harmless application installing a QuickTime component could then cause the OS to crash at login time, as root.
>
> So, whatever your or my or Gwynne's personal opinion, Mac OS X has been designed under the assumption that no GUI app will be run as root (only a few tasks like loginwindow). If you do so anyway, you're tearing a hole in Apple's security policy and endangering your users' Macs.
Okay, I didn't meant to be rude, arrogant or whatever. I just tried to understand. But I'm perfectly aware that when you develop for a given platform, you implicitly agree to abide by its philosophy. I've not been confronted to this problem up to now, so I came up with the solution I adopted before in a pure Unix/X11 environment. Hopefully, if ever I have to face it, I'll remember what you told me.
Tchüß!
Vincent_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden