On Wed, Mar 11, 2009 at 3:22 PM, Nick Zitzmann <n...@chronosnet.com> wrote:
> What it's saying is AEWP() will run pretty much anything you tell it to run.
> That is not always a good thing, because the secure tool can be swapped by
> some malware, which would cause AEWP() to run the wrong tool. This is one of
> the few cases where running a tool as setuid root actually makes sense,
> since the tool can't be swiped without permission. There used to be problems
> with this, but they were resolved a long time ago.

Of course, you still have to call AEWP to make it suid root, and things can be taken over at that time. Using a suid root tool reduces your exposure to AEWP, but doesn't eliminate it.

Overall, the way I see it, trying to use AEWP safely is like installing triple locks on the door to a house with no walls. There are *so* many ways a piece of evil software can gain root privileges without exploiting a race condition in some other program's use of AEWP.

Not to mention, root is overrated anyway: all root does is allow the evil process to fiddle with system files that nobody really cares about. Deleting the user's documents and swiping their credit card numbers can be done without any elevated privileges at all.

Mike
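
The property discussed in this thread, a setuid-root helper that cannot be replaced without permission, can be verified before the helper is used. The following is an added example, not code from either poster; the function names are hypothetical and the helper path is supplied by the caller.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Policy check on already-fetched metadata (hypothetical helper name).
 * The helper resists being swapped only if it is a regular file, owned by
 * root, setuid, and not writable by group or other. */
bool helper_stat_is_safe(const struct stat *st)
{
    if (!S_ISREG(st->st_mode)) return false;             /* no symlinks, dirs, devices */
    if (st->st_uid != 0) return false;                   /* a non-root owner could rewrite it */
    if (!(st->st_mode & S_ISUID)) return false;          /* would not run as root */
    if (st->st_mode & (S_IWGRP | S_IWOTH)) return false; /* group/other could rewrite it */
    return true;
}

/* Open first, then fstat the descriptor, so the metadata checked belongs to
 * the file that was opened rather than to whatever the path names later.
 * Returns 1 if safe, 0 if unsafe, -1 if the file could not be examined. */
int helper_path_is_safe(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    int rc = fstat(fd, &st);
    close(fd);
    if (rc != 0) return -1;
    return helper_stat_is_safe(&st) ? 1 : 0;
}

int main(int argc, char **argv)
{
    /* The path is an argument; no real product path is assumed. */
    if (argc != 2) { fprintf(stderr, "usage: %s /path/to/helper\n", argv[0]); return 2; }
    int r = helper_path_is_safe(argv[1]);
    printf("%s: %s\n", argv[1], r == 1 ? "ok" : r == 0 ? "UNSAFE" : "cannot examine");
    return r == 1 ? 0 : 1;
}
```

This inspects only the file itself: a parent directory writable by a non-root user still allows the helper to be replaced, so each path component needs the same ownership and mode check.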