Re: Environment/permissions on NSTask-launched app

FROM : Bill Bumgarner
DATE : Thu Jul 20 04:27:22 2006

On Jul 19, 2006, at 7:10 PM, Andrew Farmer wrote:

> On 19 Jul 06, at 17:17, Brad Peterson wrote:

>> I'll try that, thank you. What value would you suggest
>> for setuid()? Should I just use 501 again?

>
> "501" will only work for the first user to create an account on the 
> machine, as that's the first autogenerated user ID.
>
> Please don't write applications that run as root without a *full* 
> understanding of the security implications thereof!


Yeah -- what he said.  I just caught the end of this thread.

From the above, I take it that you are trying to downgrade a process 
from root to a particular user?

This is an incredible difficult problem rife with potential security 
holes.  Not to be attempted unless you are seriously steeped in the 
subtleties of Mac OS X's process model and the role that users play 
therein.

I would recommend starting with Amit Singh's *Mac OS X Internals* book 
and then be prepared for some serious research beyond that.

b.bum