Re: Ping Permission Problem
- Subject: Re: Ping Permission Problem
- From: Peter Sichel <email@hidden>
- Date: Wed, 15 May 2002 12:01:34 -0400
Hi,
> My application uses Ping to check network connectivity before launching a
> browser at a particular URL. I'm following the sample code OTPingSample, and
> all works fine on OS 9 and X up to OS X 10.1.3.
> The problem starts in OS X 10.4, when I try to open a raw IP endpoint,
> I get an error -3200 (Permission denied).
I don't believe it worked in OS X 10.1.3 unless your app was
running under classic. For Carbon, you need privileges to open
a raw ICMP socket.
> ...does anyone know how I can get around it, so that I can
> send a ping, and look for the response?
I'm afraid the solution is rather involved and has been
widely discussed previously. There are two basic approaches:
(1) Write a BSD native ICMP server applet to handle ping
and call this from your OT Carbon application piping back
the results as needed.
(2) Write an OpenICMP server applet to open raw ICMP sockets
and pass back the open socket file descriptor using BSD
descriptor passing.
In either case, the code that opens a raw socket must run
with root privileges. Typically you would isolate this code in
a small unix tool that your main application will configure to
run as suid root using the Security Framework. Notice this tool
must be built as mach-o to be set suid root.
There's no easy way to wrap an OT endpoint around a raw socket,
so your ping code will need to use the BSD networking APIs.
If you actually want to measure round trip time, you should
also use the SO_TIMESTAMP option.
Kind Regards,
- Peter
---------------------------------------
P.S. For those interested in the gory details, here's how I did it:
The Security Framework provides a mechanism to authenticate
the user and run another tool with root privileges. See the
"AuthSample" on Apple's web site.
How best to use this capability is not as well established yet.
- In general, it is considered poor form to run a
GUI application as root.
In my case, I've created a number of small unix tools
that can be set to suid root. The first tool which I've
dubbed "authorize" interprets any command line arguments
as file paths to other tools that need to be set suid root
(chmod followed by chown).
When my application is run, it checks whether each tool is
present, restores it from a backup if needed, and invokes
each tool that needs to run as suid root requesting its
identification and status (whether it is root) to build
a list of tools that need to be authorized. If the list is
non-empty, it then uses the Security Framework to run
my authorize tool as root passing the list of paths to be
authorized. [The authorize tool itself should never be suid root.]
The tools live in the application bundle and each one includes
a backup copy (.bak). When the application is copied from the
Finder, any files set to suid root are not copied so it uses
these backups to self repair. Normally the user is only asked
to authenticate once the first time the application is run or
copied to a new location.
Notice the application goes to some effort to identify each tool
before authorizing it. I don't want to authorize a trojan horse
if someone replaces one of my tools in the bundle. Ideally, you
would sign the file containing each tool but this won't work
because the files may change when your tools are pre-bound.
The tools themselves are relatively safe because they do so little.
Each tool performs one simple task like opening a raw socket,
loading my NKE, or running another privileged tool and piping
back the results. Generally 30 lines of code or less.
QUESTION:
Where do NKEs and suid root tools belong?
I've placed mine in the resource bundle to provide a simple
drag install, but this may be controversial. Mac OS specific
code might appear to belong in the Mac OS directory of the application
bundle, but the conventions seem unclear. NKEs might go in the
/system/library/extensions folder, but this requires a privileged install
(uninstall) process. I understand privileged application components
should go in a non-world writable directory, but I really want
the elegance of a drag and drop install/uninstall. Installers
have their own set of problems.
I'd welcome any thoughts.
- Peter Sichel
Sustainable Softworks
www.sustworks.com
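
Approach (2) from the message above, as an added example that is not code from the original post or from its author: a helper opens the raw ICMP socket while it still has root, drops root permanently, and hands the descriptor to the unprivileged application with BSD descriptor passing (SCM_RIGHTS). The names `fd_ctl`, `fd_msg_init`, `send_fd`, `recv_fd` and `open_icmp_and_pass` are hypothetical, and the example assumes the application and the helper share a UNIX-domain socket, for instance one created with socketpair() before the helper is started.

```c
#include <string.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/uio.h>
/* Control buffer sized and aligned for exactly one descriptor. */
union fd_ctl { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; };
static void fd_msg_init(struct msghdr *m, struct iovec *iov, union fd_ctl *ctl) {
    memset(m, 0, sizeof *m);
    memset(ctl, 0, sizeof *ctl);
    m->msg_iov = iov;  m->msg_iovlen = 1;
    m->msg_control = ctl->buf;  m->msg_controllen = sizeof ctl->buf;
}

/* Send fd over the UNIX-domain socket chan; returns 0 or -1. */
int send_fd(int chan, int fd) {
    char byte = 'F';   /* one data byte must accompany the descriptor */
    struct iovec iov = { &byte, 1 };
    union fd_ctl ctl;  struct msghdr msg;
    fd_msg_init(&msg, &iov, &ctl);
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET;  c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof fd);
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    return sendmsg(chan, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one fd from chan; returns it, or -1 on any malformed message. */
int recv_fd(int chan) {
    char byte;  int fd;
    struct iovec iov = { &byte, 1 };
    union fd_ctl ctl;  struct msghdr msg;
    fd_msg_init(&msg, &iov, &ctl);
    if (recvmsg(chan, &msg, 0) != 1 || (msg.msg_flags & MSG_CTRUNC)) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS ||
        c->cmsg_len != CMSG_LEN(sizeof fd)) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}

/* Helper-tool body: open the raw socket as root, drop root, pass the fd. */
int open_icmp_and_pass(int chan) {
    int s = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);  /* only step needing euid 0 */
    int dropped = setgid(getgid()) == 0 && setuid(getuid()) == 0;
    int rc = (s >= 0 && dropped) ? send_fd(chan, s) : -1;
    if (s >= 0) close(s);   /* the receiver keeps its own copy */
    return rc;
}
```

The privilege drop runs whether or not socket() succeeded, so no path after that point still holds root.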