Lists

Terms and Conditions
Lists hosted on this site
Email the Postmaster
Tips for posting to public mailing lists

Re: execute system("some script") on behalf of root from non-root app

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: execute system("some script") on behalf of root from non-root app

Subject: Re: execute system("some script") on behalf of root from non-root app
From: glenn andreas <email@hidden>
Date: Thu, 06 Jan 2011 08:20:02 -0600

Executing arbitrary scripts as root is also a potentially major security hole.  Your goal should be to do as little as possible as root (or other elevated privileges), and with as little flexibility as possible.

Security is hard, and if you don't understand the issues, you should take a step back and learn them before attempting to work them.  If you get them wrong, you've just exposed your customers to having their machine attacked.

On Jan 5, 2011, at 1:49 PM, Shawn Bakhtiar wrote:

>
>
> Search google is not an answer, although a good suggestion. Could you please post the solution you came up with to the list. There are many ways to skin this cat, I think we would all benefit from your experience.
>
> Correct. You are NOT running them as root, but you can easily tell the script to "sudo su" and go from there, which in effect will make you root.
>
> Also have you looked at making the uninstaller be an apple script?
>
> Also does any one know if there is a setup program like there use to be on Windows (IE Nullsoft)?
>
>
>> Date: Wed, 5 Jan 2011 21:40:09 +0200
>> From: email@hidden
>> To: email@hidden
>> CC: email@hidden
>> Subject: Re: execute system("some script") on behalf of root from non-root	app
>>
>> Thanks Nick, i really should've googled before asking.
>> _______________________________________________
>>
>> Cocoa-dev mailing list (email@hidden)
>>
>> Please do not post admin requests or moderator comments to the list.
>> Contact the moderators at cocoa-dev-admins(at)lists.apple.com
>>
>> Help/Unsubscribe/Update your Subscription:
>>
>> This email sent to email@hidden
> 		 	   		  _______________________________________________
>
> Cocoa-dev mailing list (email@hidden)
>
> Please do not post admin requests or moderator comments to the list.
> Contact the moderators at cocoa-dev-admins(at)lists.apple.com
>
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden

Glenn Andreas                      email@hidden
The most merciful thing in the world ... is the inability of the human mind to correlate all its contents - HPL

_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

Follow-Ups:
- RE: execute system("some script") on behalf of root from non-root app
  - From: Shawn Bakhtiar <email@hidden>
- Re: execute system("some script") on behalf of root from non-root app
  - From: eveningnick eveningnick <email@hidden>

References:
	>execute system("some script") on behalf of root from non-root app (From: eveningnick eveningnick <email@hidden>)
	>Re: execute system("some script") on behalf of root from non-root app (From: Nick Zitzmann <email@hidden>)
	>Re: execute system("some script") on behalf of root from non-root app (From: eveningnick eveningnick <email@hidden>)
	>RE: execute system("some script") on behalf of root from non-root app (From: Shawn Bakhtiar <email@hidden>)

Prev by Date: Re: Making a window topmost within an application
Next by Date: Re: Application that uninstalls itself
Previous by thread: RE: execute system("some script") on behalf of root from non-root app
Next by thread: Re: execute system("some script") on behalf of root from non-root app
Index(es):
- Date
- Thread