On Jun 3, 2008, at 2:08 PM, Jean-Daniel Dupas wrote:

Note that you should never run a GUI application with elevated privilege, particularly an application that uses AppKit, this is EVIL.

Just to explain a bit *why* this is evil and why you absolutely should not do this, here's a little demonstration which you can try on your own machine if you like:

my-machine:~ me$ sudo -s
Password:
bash-3.2# /Applications/TextEdit.app/Contents/MacOS/TextEdit &
[1] 51668
bash-3.2# exit
exit
my-machine:~ me$ mkdir testfolder
my-machine:~ me$ touch testfolder/testfile
my-machine:~ me$ sudo chown root:wheel testfolder
my-machine:~ me$ sudo chmod 700 testfolder
my-machine:~ me$ ls -l testfolder
ls: testfolder: Permission denied
my-machine:~ me$ osascript -e 'tell application "TextEdit" to do shell script "ls -l ~/testfolder"'
-rw-r--r--  1 me  me  0 Jun  3 20:09 testfile

As you can see from the above example, if a Cocoa app is running as root, AppleScript combined with "do shell script" can be used by any unprivileged user to run commands as root. Effectively this means that if even a single Cocoa app is running as root, you've effectively given root access to every other binary on the entire system. Needless to say, that's a bad thing.

Personally, I consider this a large security flaw in OS X, since it's easily possible for a developer to do what the OP here is thinking of doing, and the user could run this without necessarily realizing what is going on, and it would open the door for any virus or trojan to become root and take over the whole system. However, every time I report this, it gets flagged as "Behaves Correctly" because GUI apps aren't supposed to run as root anyway. Well yes, they're not. But what if they *do* somehow? :-/

Charles
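
A check for the condition described in the message above, as an added example that is not part of the original post: it flags processes whose effective UID is 0 and whose executable sits in an .app bundle's Contents/MacOS directory. The function names and the sample process list are constructed for illustration; it assumes `ps` reports the full executable path in `comm`, as it does on macOS, and the path match is a heuristic since `ps` cannot tell whether a binary links AppKit.

```shell
#!/bin/sh
# Added example (not from the original post).
# Reads lines of "PID UID EXECUTABLE-PATH" on stdin and prints "PID<TAB>PATH"
# for every process that runs with UID 0 out of an application bundle.
find_root_gui_apps() {
    # "path" receives the rest of the line, so bundle names with spaces survive.
    while read -r pid uid path; do
        [ "$uid" = "0" ] || continue
        case "$path" in
            */*.app/Contents/MacOS/*)
                printf '%s\t%s\n' "$pid" "$path"
                ;;
        esac
    done
}

# Constructed sample in the shape of: ps -ax -o pid= -o uid= -o comm=
# PID 51668 mirrors the TextEdit instance started under "sudo -s" in the post.
sample_ps_output() {
    cat <<'EOF'
    1     0 /sbin/launchd
  412   501 /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
51668     0 /Applications/TextEdit.app/Contents/MacOS/TextEdit
51702   501 /Applications/TextEdit.app/Contents/MacOS/TextEdit
60011     0 /Applications/Some Tool.app/Contents/MacOS/Some Tool
60020     0 /usr/sbin/syslogd
EOF
}

# Run over the constructed sample. On a live Mac, feed it real data instead:
#   ps -ax -o pid= -o uid= -o comm= | find_root_gui_apps
sample_ps_output | find_root_gui_apps
```

Any line it prints is a bundle executable running as root, which the demonstration above shows other local processes can script.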