Running Shell Script from Cocoa Application

  • Hi All,
          I'm developing a Cocoa application. Now I need to execute the shell
    script from my application.

          Can anyone provide pointers on executing a shell script from a Cocoa
    application? If possible, provide some examples/links.

          Is it possible to execute the shell script with admin privileges (sudo
    command) from a Cocoa application?

          Please help me to solve this. Thanks in advance.

    -JanakiRam.
  • > Can anyone provide pointers on executing a shell script from a Cocoa
    > application? If possible, provide some examples/links.
    >
    > Is it possible to execute the shell script with admin
    > privileges (sudo
    > command) from a Cocoa application?

      Have you tried searching the documentation, this list's archives,
    or Google? This is discussed fairly regularly. NSTask and AuthServices
    are terms that will prove helpful while searching ...

    --
    I.S.
  • On Oct 6, 2007, at 12:11 PM, JanakiRam wrote:

    > Hi All,
    > I'm developing a Cocoa application. Now I need to execute
    > the shell
    > script from my application.
    >
    > Can anyone provide pointers on executing a shell script from a
    > Cocoa
    > application? If possible, provide some examples/links.
    >
    > Is it possible to execute the shell script with admin
    > privileges (sudo
    > command) from a Cocoa application?
    >
    > Please help me to solve this. Thanks in advance.

    Probably looking for NSTask

    see http://www.cocoadev.com/index.pl?NSTask for starters
  • On Oct 6, 2007, at 10:21 PM, Sam DeVore wrote:

    > Probably looking for NSTask

    Is there a reason (not) to use the C function system(3)? What's the
    difference to NSTask (other than that it is an object)?

    Daniel
  • system() blocks and NSTask can run async for one thing. If the goal
    is to be running a script as super user, you shouldn't be using
    either NSTask or system(). The correct approach is to use a helper
    tool and authservices, as someone alluded to.

    - d

    On Oct 6, 2007, at 5:01 PM, Daniel Dalquen wrote:

    >
    > On Oct 6, 2007, at 10:21 PM, Sam DeVore wrote:
    >
    >> Probably looking for NSTask
    >
    > Is there a reason (not) to use the C function system(3)? What's the
    > difference to NSTask (other than that it is an object)?
    >
    > Daniel
  • On 10/6/07, Daniel Dalquen <ddalquen...> wrote:
    >
    > On Oct 6, 2007, at 10:21 PM, Sam DeVore wrote:
    >
    >> Probably looking for NSTask
    >
    > Is there a reason (not) to use the C function system(3)? What's the
    > difference to NSTask (other than that it is an object)?

    system() blocks
    system() invokes a shell

    However, since the OP wants to execute something with elevated
    privileges, *neither* is an appropriate tool for this job (running
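    shell scripts as root is a *very* bad idea). You really need to use
    Authorization Services
    <http://developer.apple.com/documentation/Security/Conceptual/authorization_concepts/01introduction/chapter_1_section_1.html>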

    --
    Clark S. Cox III
    <clarkcox3...>
  • On Oct 7, 2007, at 4:23 AM, Clark Cox wrote:

    > However, since the OP wants to execute something with elevated
    > privileges, *neither* is an appropriate tool for this job (running
    > shell scripts as root is a *very* bad idea). You really need to use
    > AuthorizationServices
    > <http://developer.apple.com/documentation/Security/Conceptual/authorization_concepts/01introduction/chapter_1_section_1.html>

    That's what I want, too, and I am using AuthorizationServices. I'm
    just not sure whether I am using it correctly... I need to copy a
    launchd plist file to /Library/LaunchDaemons, unload an existing
    launchd config and load the new one. So, in my app I call an
    installer tool with AuthorizationExecuteWithPrivileges() and the
    installer then calls setuid(0) before doing the things described
    above. Is that correct or how should I do it better?

    Daniel
  • On Oct 7, 2007, at 5:09 AM, Daniel Dalquen wrote:

    > That's what I want, too, and I am using AuthorizationServices. I'm
    > just not sure whether I am using it correctly... I need to copy a
    > launchd plist file to /Library/LaunchDaemons, unload an existing
    > launchd config and load the new one. So, in my app I call an
    > installer tool with AuthorizationExecuteWithPrivileges() and the
    > installer then calls setuid(0) before doing the things described
    > above. Is that correct or how should I do it better?

    That's what I did for a tool that loads/unloads a kext (controlled
    via dashboard widget), and it works well.

    Jaime Magiera
    Sensory Research Network
    http://www.sensoryresearch.net
  • Hi

    This is how I run my shell scripts. This should help.

    1. Get AuthorizationReference
    // Needs #import <Security/Security.h>; authRef_ is assumed to be an
    // AuthorizationRef instance variable of this class.
    - (BOOL)getAuthorizationRef {
      OSStatus status = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment,
                                            kAuthorizationFlagDefaults, &authRef_);
      if (status != errAuthorizationSuccess) {
        return NO;  // no authorization reference was created
      }

      // Ask for the right to execute a tool as root, allowing the password prompt.
      AuthorizationItem myItems = {kAuthorizationRightExecute, 0, NULL, 0};
      AuthorizationRights myRights = {1, &myItems};
      AuthorizationFlags flags = kAuthorizationFlagDefaults |
            kAuthorizationFlagInteractionAllowed |
            kAuthorizationFlagPreAuthorize |
            kAuthorizationFlagExtendRights;

      status = AuthorizationCopyRights(authRef_, &myRights,
                                      kAuthorizationEmptyEnvironment, flags, NULL);

      if (status != errAuthorizationSuccess) {
        return NO;
      }
      return YES;
    }

    2. Run the script:
        // ShellScript is assumed to be an NSString holding the script's path.
        char *args[2];
        NSString *launchTool = @"/bin/sh";

        args[0] = (char *)[ShellScript fileSystemRepresentation];
        args[1] = NULL;  // the argument list must be NULL-terminated

        // Log the script path (args[1] is NULL and must not be passed to %s).
        NSLog (@"args[0] = %s", args[0]);

        OSStatus status =
        AuthorizationExecuteWithPrivileges(authRef_, [launchTool UTF8String], 0,
                                          args, NULL);

        if (status == errAuthorizationCanceled) {
            NSLog (@"Canceled error");
        } else if (status != errAuthorizationSuccess) {
            NSLog (@"Failure error");
        }

    3. Release authorizationRef:
    - (void)applicationWillTerminate:(NSNotification *)aNotification {
        // Drop the acquired rights along with the reference.
        AuthorizationFree(authRef_, kAuthorizationFlagDestroyRights);
    }

    DG

  • On Oct 8, 2007, at 11:04 AM, deepak gopal wrote:

    > Hi
    >
    > This is how I Run my Shell Scripts. This should help.
    >
    > 2. Run the script:
    > char *args[2];
    > NSString *launchTool = @"/bin/sh";
    >
    > args[0] = (char *)[ShellScript fileSystemRepresentation];
    > args[1] = NULL;
    >
    > NSLog (@"args[1] = %s", args[1]);
    >
    > OSStatus status =
    > AuthorizationExecuteWithPrivileges(authRef_, [launchTool
    > UTF8String], 0,
    > args, NULL);
    >
    > if (status == errAuthorizationCanceled) {
    > NSLog (@"Canceled error");
    > } else if (status != errAuthorizationSuccess) {
    > NSLog (@"Failure error");
    > }
    >

    Note that there are security risks when running shell scripts in a
    privileged context.  From
    <http://www.faqs.org/faqs/unix-faq/faq/part4/section-7.html>:

          Now that we have made sure the right file gets interpreted, are
          there any risks left?

          Certainly!  For shell scripts you must not forget to set the PATH
          variable to a safe path explicitly.  Can you figure out why?
          Also there is the IFS variable that might cause trouble if not
          set properly.  Other environment variables might turn out to
          compromise security as well, e.g. SHELL...  Furthermore you must
          make sure the commands in the script do not allow interactive
          shell escapes!  Then there is the umask which may have been set
          to something strange...

          Etcetera.  You should realise that a setuid script `inherits' all
          the bugs and security risks of the commands that it calls!

          All in all we get the impression setuid shell scripts are quite a
          risky business!  You may be better off writing a C program
          instead!

    Things like helper tools and the like should be as absolutely small as
    possible, with the least possibility for exploitation.  Don't have
    the tool link in a whole bunch of high level libraries (ideally, it
    shouldn't use anything above libc - I'd be hesitant to even use
    Objective-C, and certainly nothing like AppKit), don't allow for
    arbitrary parameters, don't embed some sort of interpreter with the
    ability to access other subsystems, etc... Using /bin/sh as that tool
    is one of the worst possible examples of such practice.

    Glenn Andreas                      <gandreas...>
      <http://www.gandreas.com/> wicked fun!
    quadrium | flame : flame fractals & strange attractors : build,
    mutate, evolve, animate
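
The advice in the message above (a small libc-only helper, no arbitrary parameters, no shell, explicit PATH and umask), sketched as an added example that is not code from any poster in the thread. The plist path, the action names and the function names are assumptions, and only the launchctl load/unload step of the install described earlier in the thread is covered:

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/wait.h>
/* Hypothetical plist path; a real helper hard-codes its own. */
#define PLIST "/Library/LaunchDaemons/com.example.daemon.plist"

/* Fixed environment: nothing (PATH, IFS, SHELL, ...) comes from the caller. */
static char *const SAFE_ENV[] = { "PATH=/usr/bin:/bin:/usr/sbin:/sbin", NULL };

/* Allowlist: each keyword maps to one complete, hard-coded command line. */
struct action { const char *name; char *const argv[4]; };
static const struct action ACTIONS[] = {
    { "load",   { "/bin/launchctl", "load",   PLIST, NULL } },
    { "unload", { "/bin/launchctl", "unload", PLIST, NULL } },
};

/* Map a caller-supplied keyword to its fixed argv; anything else is refused. */
char *const *lookup_action(const char *name) {
    if (name == NULL) return NULL;
    for (size_t i = 0; i < sizeof ACTIONS / sizeof ACTIONS[0]; i++)
        if (strcmp(name, ACTIONS[i].name) == 0) return ACTIONS[i].argv;
    return NULL;
}

/* Run argv[0] by absolute path: no shell, known umask, clean environment. */
int run_fixed(char *const argv[]) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        umask(022);                       /* do not inherit a strange umask */
        execve(argv[0], argv, SAFE_ENV);  /* no PATH search, no interpreter */
        _exit(127);                       /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char *argv[]) {
    char *const *cmd = (argc == 2) ? lookup_action(argv[1]) : NULL;
    if (cmd == NULL) {
        fprintf(stderr, "usage: helper load|unload\n");
        return 64;
    }
    return run_fixed(cmd);
}
```

The application passes the helper a single keyword such as `load`; any request outside the table is refused before a child process is created.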
  • Thanks Glenn, this is very useful info.
