RE: execute system("some script") on behalf of root from non-root app
RE: execute system("some script") on behalf of root from non-root app
- Subject: RE: execute system("some script") on behalf of root from non-root app
- From: Shawn Bakhtiar <email@hidden>
- Date: Thu, 6 Jan 2011 11:08:15 -0500
- Importance: Normal
Possibly....
But if we are talking about an installer, it almost always will require root access at some level. However, if your looking for a program as part of the user (not admin) experience to install and uninstall components, than you do need to be extremely careful. A user should never really have to install anything, and if they do, they can always root it in there home directory.
You don't need root privilege to install in user space, you need root privilege to install into system areas. You could easily make your application rooted in the users directory, where it would have full access without needed root privileges.
> From: email@hidden
> Date: Thu, 6 Jan 2011 08:20:02 -0600
> To: email@hidden
> Subject: Re: execute system("some script") on behalf of root from non-root app
>
> Executing arbitrary scripts as root is also a potentially major security hole. Your goal should be to do as little as possible as root (or other elevated privileges), and with as little flexibility as possible.
>
> Security is hard, and if you don't understand the issues, you should take a step back and learn them before attempting to work them. If you get them wrong, you've just exposed your customers to having their machine attacked.
>
> On Jan 5, 2011, at 1:49 PM, Shawn Bakhtiar wrote:
>
> >
> >
> > Search google is not an answer, although a good suggestion. Could you please post the solution you came up with to the list. There are many ways to skin this cat, I think we would all benefit from your experience.
> >
> > Correct. You are NOT running them as root, but you can easily tell the script to "sudo su" and go from there, which in effect will make you root.
> >
> > Also have you looked at making the uninstaller be an apple script?
> >
> > Also does any one know if there is a setup program like there use to be on Windows (IE Nullsoft)?
> >
> >
> >> Date: Wed, 5 Jan 2011 21:40:09 +0200
> >> From: email@hidden
> >> To: email@hidden
> >> CC: email@hidden
> >> Subject: Re: execute system("some script") on behalf of root from non-root app
> >>
> >> Thanks Nick, i really should've googled before asking.
> >> _______________________________________________
> >>
> >> Cocoa-dev mailing list (email@hidden)
> >>
> >> Please do not post admin requests or moderator comments to the list.
> >> Contact the moderators at cocoa-dev-admins(at)lists.apple.com
> >>
> >> Help/Unsubscribe/Update your Subscription:
> >>
> >> This email sent to email@hidden
> > _______________________________________________
> >
> > Cocoa-dev mailing list (email@hidden)
> >
> > Please do not post admin requests or moderator comments to the list.
> > Contact the moderators at cocoa-dev-admins(at)lists.apple.com
> >
> > Help/Unsubscribe/Update your Subscription:
> >
> > This email sent to email@hidden
>
> Glenn Andreas email@hidden
> The most merciful thing in the world ... is the inability of the human mind to correlate all its contents - HPL
>
> _______________________________________________
>
> Cocoa-dev mailing list (email@hidden)
>
> Please do not post admin requests or moderator comments to the list.
> Contact the moderators at cocoa-dev-admins(at)lists.apple.com
>
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden