On Sat, Jan 24, 2009 at 9:29 PM, Michael Ash michael@gmail.com wrote:
I'm afraid I don't understand this advice. Could you explain what sort
of vulnerability would exist in a custom install tool that would not
exist when using Installer.app to install a custom package?
It's vulnerable to a
On Sun, Jan 25, 2009 at 12:54 AM, Chris Hanson c...@me.com wrote:
On Jan 24, 2009, at 6:29 PM, Michael Ash wrote:
On Sat, Jan 24, 2009 at 6:08 PM, Chris Hanson c...@me.com wrote:
Among other things, to be truly secure you must use a secure installation
mechanism. Do not write your own
On Fri, Jan 23, 2009 at 10:59 PM, Joe Turner joetur...@me.com wrote:
Okay, so, it seems everyone was right :) I went to cocoabuilder to find some
of the responses to this, that I never got.
Anyways, it seems I can just call AEWP() once, and it should stay suid.
So, my last question to
Cool, thanks!
Then I now have another question: Why not just run chmod on my utility
when it's 'unlocked', and change the userID to 0. Then when it's
locked, change it back to 501?
Or, is this exactly what AEWP() will do?
Thanks!
Cheers,
Joe Turner
On Jan 24, 2009, at 6:47 AM, Michael
I think I figured out how SD does it:
When you unlock SD!, it calls AEWP() on SDAgent. Then, SDAgent calls
setuid(0) to make itself root. With it as root, when it calls SDCopy,
or SDDiskTool, it calls it with AEWP, and since it's root, it doesn't
need the user's password to do this!
This
So, you are saying that I must create an install tool, that installs
my utility that will run as root?
On Jan 24, 2009, at 2:23 PM, Chris Hanson wrote:
The proper way to construct everything you've described is discussed
in the Authorization Services Programming Guide.
On Jan 24, 2009, at 1:41 PM, Joe Turner wrote:
So, you are saying that I must create an install tool, that installs
my utility that will run as root?
I am saying that, in order to maintain your users' system security,
you must follow the guidance in the Authorization Services Programming
On Sat, Jan 24, 2009 at 6:08 PM, Chris Hanson c...@me.com wrote:
Among other things, to be truly secure you must use a secure installation
mechanism. Do not write your own install tool — it can't be made secure
without itself being installed via a secure installation mechanism.
Instead, use
On Jan 24, 2009, at 6:29 PM, Michael Ash wrote:
On Sat, Jan 24, 2009 at 6:08 PM, Chris Hanson c...@me.com wrote:
Among other things, to be truly secure you must use a secure installation
mechanism. Do not write your own install tool — it can't be made secure
without itself being installed
But you can also code sign nowadays
On Jan 24, 2009, at 11:54 PM, Chris Hanson wrote:
On Jan 24, 2009, at 6:29 PM, Michael Ash wrote:
On Sat, Jan 24, 2009 at 6:08 PM, Chris Hanson c...@me.com wrote:
Among other things, to be truly secure you must use a secure installation
mechanism. Do not
On 23 Jan 2009, at 05:05, Michael Ash wrote:
On Thu, Jan 22, 2009 at 10:15 PM, Joe Turner joetur...@me.com wrote:
On Jan 22, 2009, at 4:57 PM, Nick Zitzmann wrote:
On Jan 22, 2009, at 4:09 PM, Joe Turner wrote:
I see. Then, how would you suggest to create a cloner/deleter, if it
needs
Okay, so, it seems everyone was right :) I went to cocoabuilder to
find some of the responses to this, that I never got.
Anyways, it seems I can just call AEWP() once, and it should stay suid.
So, my last question to everyone is, how do I know if the tool is
suid. I mean, I could implement
Thanks again for the speedy responses!
On Jan 20, 2009, at 1:47 AM, Nick Zitzmann wrote:
On Jan 19, 2009, at 7:56 PM, Joe Turner wrote:
That makes sense, but then how does an app like SuperDuper! do it?
You click the lock, enter your password, and then you don't need to
enter your
On Jan 22, 2009, at 4:09 PM, Joe Turner wrote:
I see. Then, how would you suggest to create a cloner/deleter, if it
needs root privileges, but cannot use the security framework?
I didn't say you couldn't use the security framework. I said you ought
to consider re-thinking your strategy.
On Jan 22, 2009, at 4:57 PM, Nick Zitzmann wrote:
On Jan 22, 2009, at 4:09 PM, Joe Turner wrote:
I see. Then, how would you suggest to create a cloner/deleter, if
it needs root privileges, but cannot use the security framework?
I didn't say you couldn't use the security framework. I said
On Thu, Jan 22, 2009 at 10:15 PM, Joe Turner joetur...@me.com wrote:
On Jan 22, 2009, at 4:57 PM, Nick Zitzmann wrote:
On Jan 22, 2009, at 4:09 PM, Joe Turner wrote:
I see. Then, how would you suggest to create a cloner/deleter, if it
needs root privileges, but cannot use the security
On Jan 6, 2009, at 10:45 AM, Nick Zitzmann wrote:
On Jan 3, 2009, at 6:50 PM, Joe Turner wrote:
I am making a hard drive cloner/backuper, and to do some deleting
and copying, I need to use the security framework. What I need to
be able to do is have the user type in their password one
On 20/01/2009, at 12:56 PM, Joe Turner wrote:
That makes sense, but then how does an app like SuperDuper! do it?
You click the lock, enter your password, and then you don't need to
enter your password again until you lock it again. And, it is the
regular security framework password
At 18:50 -0600 3/1/09, Joe Turner wrote:
I am making a hard drive cloner/backuper, and to do some deleting
and copying, I need to use the security framework. What I need to be
able to do is have the user type in their password one time, and
then it would give me system.privilege.admin rights
On 07/01/2009 05:36, Peter N Lewis pe...@stairways.com.au wrote:
At 18:50 -0600 3/1/09, Joe Turner wrote:
I am making a hard drive cloner/backuper, and to do some deleting
and copying, I need to use the security framework. What I need to be
able to do is have the user type in their password
Hello!
I am making a hard drive cloner/backuper, and to do some deleting and
copying, I need to use the security framework. What I need to be able
to do is have the user type in their password one time, and then it
would give me system.privilege.admin rights until a time that they
want
On Jan 3, 2009, at 6:50 PM, Joe Turner wrote:
I am making a hard drive cloner/backuper, and to do some deleting
and copying, I need to use the security framework. What I need to be
able to do is have the user type in their password one time, and
then it would give me
22 matches