site_archiver@lists.apple.com Delivered-To: installer-dev@lists.apple.com Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:in-reply-to:references :mime-version:x-priority:content-type:message-id :content-transfer-encoding:from:subject:date:to:x-mailer; bh=G3U1JCFYhLcxHAwTbUBOz8IaHXo/T+rl1PdHevxih4M=; b=jmggDLEQDhgolOBrev8qv1/tQogd3KsnIgHOkvRRS8J0aExEhxvkNzA2sfKfUxDlMW weVOAiZrkSmxnKWn81VDBysaKaZvpTpvf+ZAzGjpbyBgc8aLU4qxy8Oc7XxXNXntKkbA lXHvSR9HmvG6LmQQDlir8jyyqeIZAVjykSBpw= Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=in-reply-to:references:mime-version:x-priority:content-type :message-id:content-transfer-encoding:from:subject:date:to:x-mailer; b=xfFWrmrdmrTjVNihTiaRQqv8HrqBwqb1K0yoq/Y68vXxhf+/RJRZqEQ5UITrx6nefD /LzbOW0KWYXHGLwR6w6OlnAmo5Auv1acHjeV+UzVpkBD4Iqd5Y6pIFOdHHcUeleroSwy Cs6XtpJPsFgDh7d2AYVcBx9m84wWrNd4rjyA8= On Dec 9, 2009, at 9:43 PM, Bill Coderre wrote: Hello, Not sure to understand where the security risk is here. I could be missing something. _______________________________________________ Do not post admin requests to the list. They will be ignored. Installer-dev mailing list (Installer-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/installer-dev/site_archiver%40lists.a... On Dec 9, 2009, at 11:38 AM, Stanislav Kolar wrote: I have to write an installer plug-in that asks for some initial information during the installation process and saves them as a xml file into /usr/local/my_dir directory. The problem is that in the method "shouldExitPane" I don't have an appropriate rights to modify anything in the directory /usr/local... Is there a solution of my problem ? In an install that requires Admin privileges, Installer panes run as the logged in user, so you have to write your info someplace that THAT user can access. The only good choice is /tmp in some known filename, and then have a preflight or postflight write the info into /usr/local. (You can't use mktemp to generate a temp file securely, because your preflight and postflight need to know the name of the temp file.) This presents a security risk. (For instance, some badguy knows you will be writing into /tmp/MySecretFile, so they create a symlink at that location, and point it to /kernel.) /mach_kernel is root:wheel 644. So if you try to write something into it from the plugin, you won't be able to. The issue could be that someone replaces the contents of the MySecretFile after it has been written and before it has been read by the script. In this case, it might just be easier to modify the installation script to do some very bad things. This email sent to site_archiver@lists.apple.com