On Fri, Aug 21, 2009 at 2:12 PM, Seth Willits wrote:
>> The second bit of information is that permissions are tested at the time
>> of the open(). Once you have the file descriptor, you can use it without
>> further checks.
>
> That's the bit that confuses me, because it seems to be a security gap
On Aug 21, 2009, at 12:24 PM, Stephen J. Butler wrote:
The second bit of information is that permissions are tested at
the time
of the open(). Once you have the file descriptor, you can use it
without
further checks.
That's the bit that confuses me, because it seems to be a security
gap
On Fri, Aug 21, 2009 at 2:12 PM, Seth Willits wrote:
>> The second bit of information is that permissions are tested at the time
>> of the open(). Once you have the file descriptor, you can use it without
>> further checks.
>
> That's the bit that confuses me, because it seems to be a security gap
The second bit of information is that permissions are tested at the
time of the open(). Once you have the file descriptor, you can use
it without further checks.
That's the bit that confuses me, because it seems to be a security
gap. It sounds like I could just spawn an application which
Le 21 août 2009 à 18:55, Todd Heberlein a écrit :
I don't understand how the app allowed to use that file descriptor
to read the file's contents.
Its a general UNIX thing. If you have a book on UNIX interprocess
communications, you can probably find some details in it. And as
others have
I don't understand how the app allowed to use that file descriptor
to read the file's contents.
Its a general UNIX thing. If you have a book on UNIX interprocess
communications, you can probably find some details in it. And as
others have pointed out, permissions are checked at the time of
On Fri, Aug 21, 2009 at 7:29 AM, Jerry Krinock wrote:
>
> On 2009 Aug 21, at 00:27, Stephen J. Butler wrote:
>
>> Also, the MoreIsBetter samples include MoreSecurity which helps you
>> write helper tools
>
> For Mac OS 10.4 and above, MoreIsBetter has been superceded by
> BetterAuthorizationSample.
On 2009 Aug 21, at 00:27, Stephen J. Butler wrote:
Also, the MoreIsBetter samples include MoreSecurity which helps you
write helper tools
For Mac OS 10.4 and above, MoreIsBetter has been superceded by
BetterAuthorizationSample. For help with BetterAuthorizationSample,
search list archive
On Aug 21, 2009, at 1:33 AM, Seth Willits wrote:
I'm looking at some code* in an app which uses a helper tool, in
order to open and read the contents of a protected file. Normally
the user does not have privileges to read this file, hence the
authorization. Here's the process it goes throug
On Fri, Aug 21, 2009 at 1:56 AM, Dave Keck wrote:
> File descriptors can be passed between processes using the sendmsg() API.
>
> If you have further questions about that, I'd suggest taking this
> question to darwin-dev.
Also, the MoreIsBetter samples include MoreSecurity which helps you
write he
File descriptors can be passed between processes using the sendmsg() API.
If you have further questions about that, I'd suggest taking this
question to darwin-dev.
Here's some links:
http://devworld.apple.com/qa/qa2007/qa1541.html
http://topiks.org/mac-os-x/0321278542/ch09lev1sec11.html
I'm looking at some code* in an app which uses a helper tool, in order
to open and read the contents of a protected file. Normally the user
does not have privileges to read this file, hence the authorization.
Here's the process it goes through:
App:
AuthorizationCreate
Au
12 matches
Mail list logo