Thanks for the answers, guys. I agree that the Authorization Services API is not feasible in many cases. However, I did make sure that the daemon that runs as root has very little to do and hopefully well-written code that is not exploitable. My only worry was that the code I wrote for the root daemon was using CoreFoundation and was later replaced with Foundation APIs, as they are a lot easier to code and maintain. I saw a few people warning against that, as there might be some bugs in the Foundation API that could exploit my daemon and gain root access. While that is very much a possibility, I was hoping that such issues would be addressed very quickly by Apple? No?

Regards,
Varun

On 4/04/2014 4:07 pm, "Kyle Sluder" <k...@ksluder.com> wrote:

>On Apr 3, 2014, at 9:54 PM, Jens Alfke <j...@mooseyard.com> wrote:
>>
>>> On Apr 3, 2014, at 7:47 PM, Varun Chandramohan <varun.chandramo...@wontok.com> wrote:
>>>
>>> I understand what you mean, but are you saying that I should not use any Foundation library functions when running as root user?
>>
>> I'm saying you shouldn't run *anything*, Foundation or not, as root unless there is a very good reason to.
>>
>>> There are sometimes needs to have super user permission, how do we address that? I mean, let's say we need to add a rule in fw (ipfw) which requires to be root user right?
>>
>> That's exactly what the Authorization Services API is for -- letting a normal process request the ability to temporarily do something with root privileges. You see it all the time, whenever an app pops up a "This app needs to do such-and-such, please enter an administrator password" panel.
>
>A process cannot elevate its own privileges to root level, even temporarily. So doing anything that requires root privileges necessarily requires running an entire process as root.
>
>Varun, you should create a separate setuid process that does the _absolute minimum_ amount of work that can be encapsulated under root privileges. This process should be launched by your non-setuid main process via Authorization Services.
>
>--Kyle Sluder

_______________________________________________
Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)