Re: MoreAuthSample
- Subject: Re: MoreAuthSample
- From: "Andy Cave" <email@hidden>
- Date: Mon, 20 Mar 2006 21:32:05 -0000
- Organization: Hamillroad Software
Hi Quinn,
OK - you did say "I'm more than happy to discuss this code ...", so I have a
question (OK - nearly 3 years later on...):
I only just re-discovered this email - wish I'd done so sooner, as I've
worked through many of the issues you've encountered. I found AuthSample,
but somehow missed MoreAuthSample. Most of the solutions I came up with were
very similar to yours.
However, I think I have one more previously unknown issue with
AuthorizationExecuteWithPrivileges which is not dealt with in your code. If
the file descriptors for stdin and stdout have been closed, then
AuthorizationExecuteWithPrivileges silently fails(!!). This took me quite
some time to track down. My privileged tool was working fine until I put it
into my application!!
Question is, can you confirm that this is a bug in AEWP and not covered in
your code?
Thanks,
Andy.
----- Original Message -----
From: "Quinn" <email@hidden>
To: <email@hidden>
Sent: Friday, January 24, 2003 7:34 AM
Subject: MoreAuthSample
Greetings All
When you deal with networking on Mac OS X, you often have to run as root
(with your process's EUID equal to 0) in order to do certain things (bind
to low-numbered ports, send and receive pings, access raw Ethernet).
Apple's recommended approach for doing this is to factor your application
into the main application and a setuid root helper tool. In the past the
canonical technique for doing this was demonstrated by the AuthSample
sample code.
Over the past few months I've been rewriting AuthSample as MoreAuthSample.
The new code has a number of advantages.
o The bulk of MoreAuthSample is implemented in a code library,
MoreSecurity. You can reuse the common code as a whole and just
concentrate on the application-specific parts of your code.
o MoreAuthSample allows your application to pass a CFDictionary to the
helper tool, whereas AuthSample only allows you to pass a simple parameter
block. The AuthSample approach is more secure, but it is also much less
flexible.
o MoreAuthSample allows your application to receive a complex response
from the helper tool (a CFDictionary) while AuthSample only returns a
simple error code.
o MoreAuthSample stores its helper tool in the Application Support folder,
which fixes many of the real world problems encountered by users of
AuthSample.
You can download MoreAuthSample from the URL below.
<http://developer.apple.com/samplecode/Sample_Code/Security/MoreAuthSample.htm>
The sample includes extensive documentation. Please read it before you use the
code.
I'm more than happy to discuss this code on this mailing list so, if you
have questions, feel free to ask them here.
S+E
--
Quinn "The Eskimo!" <http://www.apple.com/developer/>
Apple Developer Technical Support * Networking, Communications, Hardware
_______________________________________________
macnetworkprog mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/macnetworkprog
Do not post admin requests to the list. They will be ignored.
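For the situation reported in the reply above (stdin and stdout closed before the call to AuthorizationExecuteWithPrivileges), one defensive measure is to make sure descriptors 0, 1 and 2 are open before launching the helper tool. The following is an added example, not code from MoreAuthSample or from either poster; the function name ensure_std_fds_open is hypothetical, and pointing closed descriptors at /dev/null is an assumption about what the caller wants.

```c
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/* Hypothetical helper: make sure descriptors 0, 1 and 2 refer to open files.
 * Any that are closed are pointed at /dev/null.
 * Returns the number of descriptors repaired, or -1 on error. */
int ensure_std_fds_open(void)
{
    int repaired = 0;

    for (int fd = 0; fd <= 2; fd++) {
        /* F_GETFD fails with EBADF when fd is not an open descriptor. */
        if (fcntl(fd, F_GETFD) != -1)
            continue;
        if (errno != EBADF)
            return -1;

        /* open() returns the lowest free descriptor, which is normally fd
         * itself because every lower one is already known to be open. */
        int nullfd = open("/dev/null", fd == 0 ? O_RDONLY : O_WRONLY);
        if (nullfd == -1)
            return -1;
        if (nullfd != fd) {
            /* It landed elsewhere (e.g. a concurrent open): move it. */
            if (dup2(nullfd, fd) == -1) {
                close(nullfd);
                return -1;
            }
            close(nullfd);
        }
        repaired++;
    }
    return repaired;
}

int main(void)
{
    /* Call once at start-up, or just before launching the helper tool. */
    return ensure_std_fds_open() == -1 ? 1 : 0;
}
```

A privileged helper can run the same check on entry, so that a file it opens later is never handed descriptor 0, 1 or 2 by accident.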