Re: NSOperation Issues
Re: NSOperation Issues
- Subject: Re: NSOperation Issues
- From: Kyle Sluder <email@hidden>
- Date: Thu, 03 Apr 2014 22:07:51 -0700
On Apr 3, 2014, at 9:54 PM, Jens Alfke <email@hidden> wrote:
>
>
>> On Apr 3, 2014, at 7:47 PM, Varun Chandramohan <email@hidden> wrote:
>>
>> I understand what you mean, but are you saying that I should not use any Foundation library functions when running as root user?
>
> I’m saying you shouldn’t run *anything*, Foundation or not, as root unless there is a very good reason to.
>
>> There are sometimes needs to have super user permission, how do we address that? I mean, lets say we need to add a rule in fw (ipfw) which requires to be root user right?
>
> That’s exactly what the Authorization Services API is for — letting a normal process request the ability to temporarily do something with root privileges. You see it all the time, whenever an app pops up a “This app needs to do such-and-such, please enter an administrator password” panel.
A process cannot elevate its own privileges to root level, even temporarily. So doing anything that requires root privileges necessarily requires running an entire process as root.
Varun, you should create a separate setuid process that does the _absolute minimum_ amount of work that can be encapsulated under root privileges. This process should be launched by your non-setuid main process via Authorization Services.
--Kyle Sluder
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden