Re: Get root privileges with NSTask

Mon, 24 Mar 2008 20:18:55 -0700 

Search the list. This comes up often.
<http://search.lists.apple.com/?q=root+privileges&cmd=Search%21&ul=cocoa-dev > 


When I say "it comes up often", I mean "this gets asked so often that  
it actually was talked about yesterday". Chris Hanson posted this:



(1) Use Authorization Services to create an authorization reference  
for the right to unload your daemon.
(2) Use NSTask to run a setuid-root helper tool you've written that  
can only unload your daemon.
(3) Pass the externalized form of the authorization reference from  
#1 over a pipe to the task in #2.
(4) Verify in the task from #2 that the authorization reference  
actually confers the appropriate right.

(5) Unload the daemon.


If the setuid helper tool isn't setuid-root,  
AuthorizationExecuteWithPrivilegs should be used to fix that from  
within the tool itself -- in other words, the helper tool should be  
self-repairing.



THis is all described in "Performing Privileged Operations With  
Authorization Services" at <http://developer.apple.com/documentation/Security/Conceptual/authorization_concepts/01introduction/chapter_1_section_1.html 
>.  Everyone who wants to perform privileged operations MUST read  
and understand this document completely before attempting to write  
code to do so, to preserve the security of their users' systems.




--
m-s

On 24 Mar, 2008, at 23:07, Mr. Gecko wrote:

Hello I am needing to get root privileges with NSTask so my program  
can install some items that will get downloaded from the internet  
with curl is that possible I know I can do that with applescript.


Thanks for tips/help,
Mr. Gecko
_______________________________________________

Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

http://lists.apple.com/mailman/options/cocoa-dev/mikey-san 
%40bungie.org


This email sent to [EMAIL PROTECTED]


_______________________________________________

Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com

This email sent to [EMAIL PROTECTED]






















					Reply via email to