SM Ryan <wyrmwif@[EMAIL PROTECTED]> writes:
Tsoft, eh? I'll remember that, and make note not to use their products, now
that I've seen their programmers' attitude towards security.
> Posted response for google archiving.
This whole thread is archived. Google knows what I really said - and now it
also knows that you have a habit of misquoting people.
> # I would like to do some code like edit Apache configuration
> # that requires uid root. What I can do is just install a setuid
> # root and just make the changes unannounced. What I would like
> # to do is use some function like this
> #
> # suexec(...) - Display the security dialog and on successful
> # identification as an administrator user and password,
> # exec the program ... as setuid root.
> #
>
> The answer is AuthorizationExecuteWithPrivileges.
Try reading the documentation I pointed you to. It describes when to use
that function, when not to, and why it's a bad idea to use it for what
you're describing above.
> Sherm Pendley <spamtrap@[EMAIL PROTECTED]> wrote:
I didn't write a single word of what you're attributing to me here.
> Thanks for directing me to the specific function so I didn't have to wade
> through a bunch of irrelevant (to a very specific question) issues about
> authorisation and authentication and security servers.
The reason I *didn't* point you directly to that function is that the overview
is far from irrelevant. You've ignored the important parts. By doing so, you
run the risk of opening up security flaws in your app.
In other words, your stubborn refusal to read the appropriate docs will
increase your users' risk of having their machines pwn3d. Unless that's
exactly what you want, I strongly suggest that you read the docs to which
I referred you.
> (Now that I have the function name, I can read the interface and
> understand Apple's entire philosophy on setuid programs, never explicitly
> stated before
Actually, by skipping the intro material and going straight to the interface,
you've entirely *missed* the philosophy. To understand that, you'll need to
read the doc I pointed out to you.
> , and understand how their security framework rests on that
> philosophy and then proceed knowing where I am going to end up, instead
> of having to meander page after page
Meander page after page? What are you talking about? I pointed you to exactly
the page you needed. It wasn't the one you *wanted*, but that's a different
kettle of fish.
Your basic premise is flawed; what you asked for would not have helped. What
*would* have helped is doing as I suggested, searching Apple's developer site
for "authorization", and reading the *entire* overview that's the first link
returned by that search.
> So, yeah, thanks.
You're quite welcome.
sherm--
--
Web Hosting by West Virginians, for West Virginians: http://wv-www.net
Cocoa programming in Perl: http://camelbones.sourceforge.net

