Re: Confused about AuthorizationExecuteWithPrivileges and suid

Wed, 11 Jun 2008 18:49:41 -0700

The documentation is talking about using AuthorizationExecuteWithPrivleges() to repair a setuid tool that you may have already created. It is also suggesting that you use the setuid tool method rather than using AuthorizationExecuteWithPrivleges(). In this way, the setuid tool can limit itself to only doing a specific task. It can also ensure that its caller is authorized to call it and abort in any other circumstance.
All that said, you don't need any setuid bit in order to call AuthorizationExecuteWithPrivleges() (neither on the calling application nor on the target application). 

/jac

On Jun 11, 2008, at 21:34 , Eyal Redler wrote:


Hi All,


I need to access some files in the Applications folder and in order  
to do so I did the following:



1. I've created a tool that copies the files into the Applications  
folder (using NSFileManager)

2. I'm invoking the tool using AuthorizationExecuteWithPrivileges()
3. In the tool I'm calling setuid(geteuid()) at the begining
4. The tool does not have its setuid bit set


This setup seems to work fine without doing anything regarding the  
setuid bit yet the (very unclear and confusing) documentation seems  
to refer to AuthorizationExecuteWithPrivileges as something you use  
to run a setuid tool.


Should I set the setuid bit? Why?

TIA

Eyal Redler
------------------------------------------------------------------------------------------------

"If Uri Geller bends spoons with divine powers, then he's doing it  
the hard way."

--James Randi
www.eyalredler.com


_______________________________________________

Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

http://lists.apple.com/mailman/options/cocoa-dev/jason.coco 
%40gmail.com


This email sent to [EMAIL PROTECTED]


_______________________________________________

Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com

This email sent to [EMAIL PROTECTED]






















					Reply via email to