On Jan 6, 2011, at 11:01 AM, eveningnick eveningnick wrote: >> Executing arbitrary scripts as root is also a potentially major security >> hole. Your goal should be to do as little as possible as root (or other >> elevated privileges), and with as little flexibility as possible. >> >> Security is hard, and if you don't understand the issues, you should take a >> step back and learn them before attempting to work them. If you get them >> wrong, you've just exposed your customers to having their machine attacked. > > Yes, this kind of applications should be thought throughoutly. > The biggest problem is the replacement of the helper tool - if it is > replaced, or an alias is created with the same name in the directory > of the calling application for ex, which is pointing to a malicious > app, that malicious process will be executed with root privileges > instead of a real helper tool which can do anything on the system, > remaining invisible. For conspiracy it can launch a genuine "helper > tool" after doing bad things. So when your application gets popular > (and bad guys find this security hole), it can be and most likely will > be exploited. > \
Snow Leopard has a new method of installing privileged helpers which uses code signing to tie your app and the helper together, preventing this type of attack. See: http://developer.apple.com/library/mac/#documentation/General/Reference/ServiceManagementFwRef/ServiceManagement_h/index.html Also, there was a 2009 WWDC session which covered this in-depth, Session 500 - Designing for launchd. Aaron_______________________________________________ Cocoa-dev mailing list ([email protected]) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to [email protected]
