On Jan 24, 2009, at 1:41 PM, Joe Turner wrote:
So, you are saying that I must create an install tool, that installs my utility that will run as root?
I am saying that, in order to maintain your users' system security, you must follow the guidance in the Authorization Services Programming Guide and BetterAuthorizationSample example code when implementing software that needs to run with elevated privileges.
Among other things, to be truly secure you must use a secure installation mechanism. Do not write your own install tool — it can't be made secure without itself being installed via a secure installation mechanism. Instead, use Installer.app for your installations since it's included with the operating system and not modifiable with normal user privileges.
You can still ship your application as a drag-install; for example, your application itself can include an installer package to do the actual installation of the tool it uses and its launchd plist, and open the package in Installer.app if the tool needs to be installed.
-- Chris _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
