Re: Ownership and permissions for applications: security issues?
- Subject: Re: Ownership and permissions for applications: security issues?
- From: Steve Checkoway <email@hidden>
- Date: Thu, 13 Sep 2007 03:57:23 -0700
On Sep 13, 2007, at 12:47 AM, Stefan Haller wrote:

> I wonder if having permissions of 7xx isn't a huge security issue
> though, at least for software that is distributed on disk images for a
> manual drag-and-drop install

<snip>

> Any opinions?
I'm not sure I agree with your assessment that using 7xx is a security
issue. Two reasons, one, this is very common among *nix when a
non-root (or other admin with sudo access, for example) user installs
software. The second is that even with removing write access, there's
nothing preventing malware from chmod(2)ing everything to what it
wants in the first place.

That said, one thing you could do is add a small binary in your app's
bundle such that if everything in your bundle isn't owned by root, you
run the binary which attempts to authorize itself (or possibly the app
authorizes and runs the binary as root) and then chown(2) everything
to root.

I believe that there is sample code to this effect somewhere on
Apple's site. I still think you're being overly paranoid though. I've
never sat and thought about it, but if I were writing malware, I can
think of several things I'd rather do than try to infect _your_
application, whatever it might be.
--
Steve Checkoway
Xcode-users mailing list (email@hidden)