On Mon, May 25, 2009 at 7:12 PM, Gwynne Raskind <[email protected]> wrote:
> On May 25, 2009, at 6:52 PM, Michael Ash wrote:
>>
>> The authentication stuff is pertinent, because the AEWP is an example
>> of an API which works by having an unprivileged user process
>> communicate with a privileged process that does the work. A technique
>> which allows you to compromise a process which uses AEWP demonstrates
>> how this compromise can be done with any such setup, even using a
>> secure channel (which AEWP does).
>
> It does? Last I checked, AEWP() used a temp file on disk to pass its
> AuthorizationRef to the child process. Pipes, anyone?

I need fewer assumptions and more fact-checking, apparently. However, I think this is still "secure", because the AuthorizationRef is initially generated on the privileged side of things and can't be faked. (Hey look, more assumptions.) The end result is a secure channel even if the mechanism to actually transmit the bytes across is not.

Mike
