I'm fairly new to Cocoa (new to real desktop programming in general, to be honest) and am building an app that's going to want occasional system-level privileges (10.4+). Actually, here's what it needs:
1. To be able to set its preferences system-wide
2. To add itself as a login item for all users
3. To uninstall itself entirely (manually and requiring admin authorization, or silently self-destructing)
4. To do any of the above without making assumptions about the logged-in user (admin, regular, network).

After poking around a lot in the documentation and on list archives, it looked like my best bet would be to create a helper tool to do anything privileged. Things started to get complicated. It looks now like I have four options:

I can make a helper tool that I call with AuthorizationExecuteWithPrivileges. I already have this working, but it's vulnerable to attack (if the helper binary is replaced) and apparently has poorly-documented caveats (needing to reap the process when it's done executing, for one, which is something else I've never done).

I can make a helper tool that's package-installed as suid root. I shouldn't have to worry too much about it other than checking with the parent before doing anything dangerous. Anyone with rights to modify it already has control over the system. However, this kind of tool will only run from a permissions-enabled drive and can't be drag-copied or drag-installed. Not elegant.

The third option looks to be MoreSecurity. Takes care of its own copying and permissions. But it's very, very old code and I haven't even gotten the example to compile yet on my Leopard machine. Something about the many hundreds of lines of C used to solve the problem makes me uneasy (one of the reasons I'm writing this).

The final option would be BetterAuthorizationSample. It's new. Wonderful. But it installs a launchd plist, and looking around at my own systems I see no evidence that any of the applications I use on an everyday basis work this way. I only find them for apps that really are running as daemons, and not in the format BAS uses.
Also, this text is in the readme: "if your application needs elevated privileges for a one-off task (like installing or uninstalling), you should consider using AuthorizationExecuteWithPrivileges directly." What I'm doing won't be one-off, but it won't be common either. I also hear the occasional warning that launchd has serious issues in Tiger. How true is this?

I'm coming to cocoa-dev looking for some guidance on the real-world, current way of doing this. What have I missed? What's obsolete, what's advised against, and what are you all using in production? Any guidance would be deeply appreciated.
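
An added example, not part of the original post and not Apple's sample code: a check a launcher could run before starting a privileged helper, covering the replaced-binary concern raised for AuthorizationExecuteWithPrivileges and the "only root can modify it" property described for the suid option. The names check_helper and helper_check are hypothetical, and it assumes the helper is meant to be installed root-owned and not group- or world-writable.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical result codes for this example. */
enum helper_check {
    HELPER_OK = 0,
    HELPER_OPEN_FAILED,   /* missing, unreadable, or a symlink */
    HELPER_NOT_REGULAR,   /* directory, device, FIFO, ... */
    HELPER_WRONG_OWNER,   /* not owned by the expected uid */
    HELPER_WRITABLE       /* group or other may modify it */
};

/* Inspect the file behind `path` without following a final symlink.
 * All checks run on one open descriptor, so they describe the same
 * file even if the path is swapped while we are looking at it. */
enum helper_check check_helper(const char *path, uid_t expected_owner)
{
    struct stat st;
    enum helper_check result = HELPER_OK;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return HELPER_OPEN_FAILED;
    if (fstat(fd, &st) != 0)
        result = HELPER_OPEN_FAILED;
    else if (!S_ISREG(st.st_mode))
        result = HELPER_NOT_REGULAR;
    else if (st.st_uid != expected_owner)
        result = HELPER_WRONG_OWNER;
    else if (st.st_mode & (S_IWGRP | S_IWOTH))
        result = HELPER_WRITABLE;
    close(fd);
    return result;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s /path/to/helper\n", argv[0]);
        return 2;
    }
    /* Assumption: the helper is expected to be owned by root (uid 0). */
    enum helper_check r = check_helper(argv[1], 0);
    printf("%s: %s\n", argv[1], r == HELPER_OK ? "ok" : "refusing to launch");
    return r == HELPER_OK ? 0 : 1;
}
```

The check and the later launch are still two separate steps on a path, so this narrows the replacement window rather than closing it; the directories above the helper need the same ownership and permissions.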