|
From: | Helge Hess |
Subject: | Re: Preferences.app vs Configure.app; was Re: ANN: GNUtooth, Bluetooth 'support' for GNUstep |
Date: | Wed, 14 May 2003 17:43:56 +0200 |
User-agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3.1) Gecko/20030425 |
Jeff Teunissen wrote:
Finally, I will not implement support for entering the admin/root password to gain access to functionality. This would require that the application be setuid root, which opens up a huge number of potential security problems, given that a user may install his/her own modules, such as: if (geteuid () == 0) { NSTask *task = [NSTask launchedTaskWithLaunchPath: @"/bin/rm" arguments: [NSArray arrayWithObjects: @"-rf", "/"]]; }
No, it doesn't. MacOSX uses the Security.framework which AFAIK relies on 'sudo' which in turn won't allow a user to run arbitary scripts (and especially not rm ;-).
Only sudo needs to be setuid root and that is well audited. Actually using sudo is much more secure in practice since only one person actually needs to know the root password.
Of course one needs to be careful, but nobody is talking about giving full root privileges to Preferences.app.
regards, Helge
[Prev in Thread] | Current Thread | [Next in Thread] |