• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: execute system("some script") on behalf of root from non-root app
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: execute system("some script") on behalf of root from non-root app

  • Subject: Re: execute system("some script") on behalf of root from non-root app
  • From: Aaron Burghardt <email@hidden>
  • Date: Thu, 6 Jan 2011 11:45:08 -0500
On Jan 6, 2011, at 11:01 AM, eveningnick eveningnick wrote:

>> Executing arbitrary scripts as root is also a potentially major security hole.  Your goal should be to do as little as possible as root (or other elevated privileges), and with as little flexibility as possible.
>>
>> Security is hard, and if you don't understand the issues, you should take a step back and learn them before attempting to work them.  If you get them wrong, you've just exposed your customers to having their machine attacked.
>
> Yes, this kind of applications should be thought throughoutly.
> The biggest problem is the replacement of the helper tool - if it is
> replaced, or an alias is created with the same name in the directory
> of the calling application for ex, which is pointing to a malicious
> app, that malicious process will be executed with root privileges
> instead of a real helper tool which can do anything on the system,
> remaining invisible. For conspiracy it can launch a genuine "helper
> tool" after doing bad things. So when your application gets popular
> (and bad guys find this security hole), it can be and most likely will
> be exploited.
> \

Snow Leopard has a new method of installing privileged helpers which uses code signing to tie your app and the helper together, preventing this type of attack. See:

http://developer.apple.com/library/mac/#documentation/General/Reference/ServiceManagementFwRef/ServiceManagement_h/index.html

Also, there was a 2009 WWDC session which covered this in-depth, Session 500 - Designing for launchd.

Aaron_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >execute system("some script") on behalf of root from non-root app (From: eveningnick eveningnick <email@hidden>)
 >Re: execute system("some script") on behalf of root from non-root app (From: Nick Zitzmann <email@hidden>)
 >Re: execute system("some script") on behalf of root from non-root app (From: eveningnick eveningnick <email@hidden>)
 >RE: execute system("some script") on behalf of root from non-root app (From: Shawn Bakhtiar <email@hidden>)
 >Re: execute system("some script") on behalf of root from non-root app (From: glenn andreas <email@hidden>)
 >Re: execute system("some script") on behalf of root from non-root app (From: eveningnick eveningnick <email@hidden>)

  • Prev by Date: Execute a pre-starting script first, when the App bundle is launched, then the main executable
  • Next by Date: Re: Event to trigger writeSelectionToPasteboard
  • Previous by thread: Re: execute system("some script") on behalf of root from non-root app
  • Next by thread: RE: execute system("some script") on behalf of root from non-root app
  • Index(es):
    • Date
    • Thread