Re: setuid installer?
Re: setuid installer?
- Subject: Re: setuid installer?
- From: Rick Mann <email@hidden>
- Date: Fri, 3 Apr 2009 16:05:22 -0700
On Apr 3, 2009, at 15:55:58, Karl Kuehn wrote:
On Apr 3, 2009, at 3:42 PM, Rick Mann wrote:
We want to execute our updates in the background, but they require
authentication. I've tried creating a script with setuid set, but
the installer still complains that it needs to be authenticated. I
then wrote a tiny C program that execs my script, and prints the
effective user ID, but it still complains.
I don't know why the c program is not working, but in 10.5 Apple
restricted setuid to only being available to compiled programs (ie:
no scripts).
I changed the C program to call the installer command invocation
directly, rather than calling a script that calls it. This seemed to
work.
But if you are going to need root permissions to update things,
then don't you need it during the install? And if so, then if you
put in a postflight script it should run as root already (script or
program), solving your problem.
When the product is first installed, it is done via a normal, user-
initiated installation process, and they enter their credentials at
the appropriate time. The product is a combination of faceless
background app (agent), which is always running, and GUI, which is
launched as needed by the user.
When a new version becomes available, the old version no longer works.
If the GUI is not running, we silently update the components and re-
launch the agent. If the GUI is running, we display an alert before
doing this, and relaunch it after.
However, I am going to urge you to think this through, there are
two cases you should make sure that your installer (and by extension
now your updater) takes into consideration:
1) The installer could be run via something like Apple Remote
Desktop and be running either underneath a totally unaware user, or
it could be running behind the loginwindow. Both of these
circumstances mean that you should not have any GUI component that
is not part of the normal installer system (ie: installer bundles).
2) Your installer could be run on a filesystem other than the booted
one, even if you have set the "only on booted volume" flag. This is
used internally by Apple in packaging computers (for special runs),
and projects like InstaDMG also do this.
I'm not sure of the impact you're cautioning me about in these two
instances. It should never run behind the login window, because we
don't launch the agent unless the user is logged in.
Don't get #2 at all.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Installer-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden