On Apr 3, 2014, at 9:54 PM, Jens Alfke <j...@mooseyard.com> wrote:
>
>
>> On Apr 3, 2014, at 7:47 PM, Varun Chandramohan
>> <varun.chandramo...@wontok.com> wrote:
>>
>> I understand what you mean, but are you saying that I should not use any
>> Foundation library functions when running as root user?
>
> I’m saying you shouldn’t run *anything*, Foundation or not, as root unless
> there is a very good reason to.
>
>> There are sometimes needs to have super user permission, how do we address
>> that? I mean, let's say we need to add a rule in fw (ipfw) which requires to
>> be root user right?
>
> That’s exactly what the Authorization Services API is for — letting a normal
> process request the ability to temporarily do something with root privileges.
> You see it all the time, whenever an app pops up a “This app needs to do
> such-and-such, please enter an administrator password” panel.

A process cannot elevate its own privileges to root level, even temporarily. So doing anything that requires root privileges necessarily requires running an entire process as root.

Varun, you should create a separate setuid process that does the _absolute minimum_ amount of work that can be encapsulated under root privileges. This process should be launched by your non-setuid main process via Authorization Services.

--Kyle Sluder
_______________________________________________
Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)