Re: Launching an app with extended rights
Re: Launching an app with extended rights
- Subject: Re: Launching an app with extended rights
- From: Nick Zitzmann <email@hidden>
- Date: Sun, 18 Sep 2011 11:13:29 -0600
On Sep 18, 2011, at 10:05 AM, Tito Ciuro wrote:
> Hello,
>
> When my app launches, I'd like it to listen to port 80 or 443. To do that, I believe I need to use Security Framework Authorization API to obtain extended rights. A potential solution is to split the app's executable int two parts:
>
> 1) one executable, the main one that first gets launched, obtains extended rights.
> 2) the app itself, which is the embedded web server.
>
> When the user double clicks the app, it would execute (1) with:
>
> SFAuthorization *authorization = [SFAuthorization authorization];
> BOOL result = [authorization obtainWithRights:NULL
> flags:kAuthorizationFlagExtendRights
> environment:NULL
> authorizedRights:NULL
> error:&error];
You need to obtain the system.privilege.admin right if you want to launch a task with root privileges. You should also use the kAuthorizationFlagInteractionAllowed and kAuthorizationFlagPreAuthorize flags as well.
> and then use NSTask to launch (2) via:
>
> + (NSString *)stringByLaunchingPath:(NSString *)processPath
> withArguments:(NSArray *)arguments
> authorization:(SFAuthorization *)authorization
> error:(NSError **)error;
>
> Is this approach the way to go, or is there an easier/better/safer way do to that?
You must use AuthorizationExecuteWithPrivileges() to launch a task with privileges; you cannot do that with NSTask.
Nick Zitzmann
<http://www.chronosnet.com/>
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden