I'm looking at some code* in an app which uses a helper tool, in order to open and read the contents of a protected file. Normally the user does not have privileges to read this file, hence the authorization. Here's the process it goes through:


App:
        AuthorizationCreate
        AuthorizationCopyRights(my.right, PreAuthorize | ExtendRights)
        AuthorizationMakeExternalForm
        Create a pipe, fork, child does execle(path/to/tool)
        Write the external form of the auth ref to the pipe the tool has open

Tool:
        AuthorizationCreateFromExternalForm
        AuthorizationCopyRights(my.right, ExtendRights)
        descriptor = open(path/to/file, O_RDONLY)
        Send the descriptor back to the app on the pipe
        exit

App:
        Gets the descriptor back from the tool
        fdopen(descriptor)
        ... read from the file all it wants ...


I don't understand how the app is allowed to use that file descriptor to read the file's contents. The tool is running as root, so it's obvious that it is able to open the file, but how can another process just start using that descriptor? Is it because it's the parent process? If so: I always thought that only worked the other way around - child processes could use *parent* process descriptors. If NOT, then what is it? The app only preauthorized some arbitrary right, it didn't actually get any privileges to open and read a protected file.



Thanks,

--
Seth Willits


* it's spaghetti and all over the place, so don't ask for it :-)
_______________________________________________

Cocoa-dev mailing list