site_archiver@lists.apple.com Delivered-To: darwin-dev@lists.apple.com User-agent: Mutt/1.4.2.1i On Mon, Dec 13, 2004 at 08:55:37PM -0800, William C. McCain scratched on the wall:
It works fine in a shell when I prefix my application with "sudo". But I can't ask users to do that! I have also been able to get it to work from an AppleScript (something like 'do shell script "sudo open MyApp"'). That will be what I will have to ship, unless there is a better, more "transparent" solution.
Any ideas?
One of the things I've done to access privileged ports in complex perl applications (e.g. stuff that would never run "tainted") is to write a small external C/C++ wrapper. The C program can be setuid or run via sudo and can route communications to some other non-privileged networking port, UNIX socket, or stdin/out. In my case, it was for outgoing connections (a legacy application that depended on some aspects of the auth/auth system wanting privileged ports-- don't get me started...). Incoming are a bit trickier since you can have more than one, but something that just bounces to the privileged port to another port (including multiple connections) that your non-root application can listen on should only be a ~100 line C program. -j -- Jay A. Kreibich | Comm. Technologies, R&D jak@uiuc.edu | Campus IT & Edu. Svcs. <http://www.uiuc.edu/~jak> | University of Illinois at U/C _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.appl... This email sent to site_archiver@lists.apple.com