Cocoa mail archive
Re: Environment/permissions on NSTask-launched app
FROM : Sherm Pendley
DATE : Fri Jul 21 17:23:58 2006
On Jul 20, 2006, at 11:23 PM, Andrew Farmer wrote:
> On 20 Jul 06, at 19:36, Brad Peterson wrote:
>>> No offense intended, but at this point I agree with the others - if
>>> you're doing this for self-education that's great, but if you're
>>> going to distribute this to other people you *seriously* need to
>>> turn
>>> this project over to someone who's more experienced with this
>>> kind of
>>> thing. Security issues are not something you want to "learn on
>>> the job".
>>
>> Agreed. My goal here is not to understand the finer
>> points of security issues, I assure you. :)
>
> root. As such, it's probably best to try to figure out some way to
> implement your application so that it doesn't require root privileges,
> or - at least - so that root privileges are only available to the
> portions of the application which absolutely need it.
Isn't that just what Brad's trying to do? The parent process that's
launching his app is running as root, and is not supposed to run his
app as root. Geteuid() returns 501, but trying to access AddressBook
gives him the same error it does if he tries to run his app as root.
He doesn't get that error if he runs it normally.
In other words, he's not trying to run his app as root, he's trying
to figure out what the parent app is doing that's triggering this error.
Brad, two questions: What does NSUserName() and NSHomeDirectory()
give you? And, what's the parent app?
sherm--
Web Hosting by West Virginians, for West Virginians: http://wv-www.net
Cocoa programming in Perl: http://camelbones.sourceforge.net
DATE : Fri Jul 21 17:23:58 2006
On Jul 20, 2006, at 11:23 PM, Andrew Farmer wrote:
> On 20 Jul 06, at 19:36, Brad Peterson wrote:
>>> No offense intended, but at this point I agree with the others - if
>>> you're doing this for self-education that's great, but if you're
>>> going to distribute this to other people you *seriously* need to
>>> turn
>>> this project over to someone who's more experienced with this
>>> kind of
>>> thing. Security issues are not something you want to "learn on
>>> the job".
>>
>> Agreed. My goal here is not to understand the finer
>> points of security issues, I assure you. :)
>
> root. As such, it's probably best to try to figure out some way to
> implement your application so that it doesn't require root privileges,
> or - at least - so that root privileges are only available to the
> portions of the application which absolutely need it.
Isn't that just what Brad's trying to do? The parent process that's
launching his app is running as root, and is not supposed to run his
app as root. Geteuid() returns 501, but trying to access AddressBook
gives him the same error it does if he tries to run his app as root.
He doesn't get that error if he runs it normally.
In other words, he's not trying to run his app as root, he's trying
to figure out what the parent app is doing that's triggering this error.
Brad, two questions: What does NSUserName() and NSHomeDirectory()
give you? And, what's the parent app?
sherm--
Web Hosting by West Virginians, for West Virginians: http://wv-www.net
Cocoa programming in Perl: http://camelbones.sourceforge.net
