On 07/01/2009 05:36, "Peter N Lewis" <pe...@stairways.com.au> wrote:
> At 18:50 -0600 3/1/09, Joe Turner wrote:
>> I am making a hard drive cloner/backuper, and to do some deleting
>> and copying, I need to use the security framework. What I need to be
>> able to do is have the user type in their password one time, and
>> then it would give me system.privilege.admin rights until a time
>> that they want to unauthorize it (could be days, weeks, months,
>> years). I have looked through the security framework, but have not
>> really found how to have one system.privilege.admin authorization
>> and have it last a long time. So, if anyone could point me in the
>> right direction with this, like what methods to use and what
>> parameters to use.
>
> One way to do this is to have a second tool that runs as root. You
> need to ask for admin permissions the first time to enable suid mode
> on the tool, but after that the tool will run as root with full
> privileges.
>
> Naturally, this has all the inherent security implications of that of
> any suid root tool, and the tool must now defend against possible
> misuse. Some security suggestions include:

To avoid some of the problems with using a setuid tool, you can use launchd to run the privileged process as root. See the B.A.S. readme: http://developer.apple.com/samplecode/BetterAuthorizationSample/listing4.html

> * Code sign both your application and your tool and verify both
> signatures before applying the suid bit.
>
> * Strictly limit the actions of the tool.
>
> * Ensure requests to the tool are processed only if they come from
> your properly signed application.
>
> * Strictly minimize the tool's code to minimize the chance of security
> related bugs.
>
> * Limit the use of external frameworks in the tool to minimize the
> chance of security issues.

These are still all good ideas.
Another thing to do is to convert the Auth Services rights structure into an external form, and pass it to the helper - the helper then only performs privileged operations if it agrees that it has received the authorisation.

Cheers,
Graham.

-- 
Graham Lee
Senior Macintosh Software Engineer, Sophos Plc.
+44 1235 540266 http://www.sophos.com/
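The externalised-authorisation handshake Graham describes, written out as an added example for this archive. It is not code from the thread, from Apple's BetterAuthorizationSample, or from any of the posters. It is macOS-only (Security.framework), and everything in it other than the Authorization Services API itself is an assumption: the function names AppPreauthorize and HelperRequestIsAuthorised, the choice of system.privilege.admin as the guarded right (a real helper would register its own narrower right), and the fact that both "sides" run in one process, where in practice the 32-byte external form would travel to the root helper over the launchd-created UNIX domain socket.

```objective-c
// Added example, not part of the original thread or of Apple's BAS code.
// Build on macOS with:
//   clang -framework Foundation -framework Security auth_external.m -o auth_external
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#include <string.h>

// Right the helper guards. Assumed for this example; the thread only names
// system.privilege.admin. A real helper should register its own right.
static const char *kRequiredRight = "system.privilege.admin";

// Application side: acquire the right once (this is the password prompt) and
// produce the external form to send to the helper. The AuthorizationRef must
// stay alive for as long as the external form is meant to work; freeing it
// with kAuthorizationFlagDestroyRights is how the user "unauthorises".
static OSStatus AppPreauthorize(AuthorizationRef *outAuthRef,
                                AuthorizationExternalForm *outExtForm)
{
    OSStatus err = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment,
                                       kAuthorizationFlagDefaults, outAuthRef);
    if (err != errAuthorizationSuccess) return err;

    AuthorizationItem   item   = { kRequiredRight, 0, NULL, 0 };
    AuthorizationRights rights = { 1, &item };
    // PreAuthorize: obtain the credential now without exercising the right
    // here; the helper is the one that will actually use it.
    err = AuthorizationCopyRights(*outAuthRef, &rights,
                                  kAuthorizationEmptyEnvironment,
                                  kAuthorizationFlagPreAuthorize
                                  | kAuthorizationFlagExtendRights
                                  | kAuthorizationFlagInteractionAllowed,
                                  NULL);
    if (err == errAuthorizationSuccess)
        err = AuthorizationMakeExternalForm(*outAuthRef, outExtForm);
    return err;
}

// Helper side: called with the raw bytes read from the socket. Refuse anything
// that is not exactly one external form, rebuild the AuthorizationRef from it
// and re-check the right WITHOUT kAuthorizationFlagInteractionAllowed: the
// helper runs as root with no UI, so the check can only pass if the client
// already holds the right. This is the helper "agreeing" it was authorised.
static BOOL HelperRequestIsAuthorised(const void *bytes, size_t len)
{
    if (bytes == NULL || len != sizeof(AuthorizationExternalForm)) return NO;

    AuthorizationExternalForm extForm;
    memcpy(&extForm, bytes, sizeof(extForm));

    AuthorizationRef authRef = NULL;
    if (AuthorizationCreateFromExternalForm(&extForm, &authRef) != errAuthorizationSuccess)
        return NO;

    AuthorizationItem   item   = { kRequiredRight, 0, NULL, 0 };
    AuthorizationRights rights = { 1, &item };
    OSStatus err = AuthorizationCopyRights(authRef, &rights,
                                           kAuthorizationEmptyEnvironment,
                                           kAuthorizationFlagExtendRights, NULL);
    // kAuthorizationFlagDefaults, not DestroyRights: the client owns the credential.
    AuthorizationFree(authRef, kAuthorizationFlagDefaults);
    return err == errAuthorizationSuccess;
}

int main(void)
{
    @autoreleasepool {
        AuthorizationRef          appAuth = NULL;
        AuthorizationExternalForm extForm;
        OSStatus err = AppPreauthorize(&appAuth, &extForm);
        if (err != errAuthorizationSuccess) {
            NSLog(@"app: could not acquire %s (OSStatus %d)", kRequiredRight, (int)err);
            return 1;
        }

        // Both sides in one process here; in real use the bytes go to the helper.
        NSLog(@"helper accepts valid external form: %d",
              HelperRequestIsAuthorised(&extForm, sizeof(extForm)));

        // A truncated or fabricated blob must be refused.
        unsigned char junk[sizeof(extForm)];
        memset(junk, 0x41, sizeof(junk));
        NSLog(@"helper accepts truncated blob: %d",
              HelperRequestIsAuthorised(&extForm, sizeof(extForm) - 1));
        NSLog(@"helper accepts fabricated blob: %d",
              HelperRequestIsAuthorised(junk, sizeof(junk)));

        // The user "unauthorises": destroying the rights discards the cached
        // credential and invalidates external forms derived from this reference.
        AuthorizationFree(appAuth, kAuthorizationFlagDestroyRights);
        NSLog(@"helper accepts form after revocation: %d",
              HelperRequestIsAuthorised(&extForm, sizeof(extForm)));
        return 0;
    }
}
```

The external form is a handle that securityd resolves back to the client's authorisation, not a credential the helper can check offline, which is why the helper re-asks Authorization Services rather than trusting the blob's contents. It complements, and does not replace, the items in Peter's list: the helper should still confirm the peer on the socket is the properly signed application before acting on any request.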