Re: Ownership and permissions for applications: security issues?
Re: Ownership and permissions for applications: security issues?
- Subject: Re: Ownership and permissions for applications: security issues?
- From: Greg Guerin <email@hidden>
- Date: Thu, 13 Sep 2007 11:27:36 -0700
Steve Checkoway wrote:
>That said, one thing you could do is add a small binary in your app's
>bundle such that if everything in your bundle isn't owned by root, you
>run the binary which attempts to authorize itself (or possibly the app
>authorizes and runs the binary as root) and then chown(2) everything
>to root.
Be careful with that approach.
If the executable blindly does a chown(2), then a latent setuid-foo
executable (e.g. a booby-trap left by malware) will become setuid-root.
The integrity and authenticity of everything being chown'ed to root should
be verified first. If something shouldn't be there, or isn't authentic, it
should all be left alone.
This presents another problem: the list of authentic items to chown should
itself be authenticated... and so on.
It would be less troublesome to create an Installer package.
-- GG
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Xcode-users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden