Re: Using AuthorizationExecuteWithPrivileges

FROM : Finlay Dobbie
DATE : Sat Aug 26 15:19:36 2006

On 26/08/06, Mike <<email_removed>> wrote:
> You'll need to write a setuid helper tool, authorize, and do some
> other odds and ends in the helper tool code. It's not trivial and
> Apple deliberately makes it that way to make it tough to hack OS X
> security.


Let's clarify that a little bit:

It's not trivial because there are a lot of gnarly issues involved,
and if you don't have your wits about you it's easy to create a local
privilege escalation vulnerability. If you do not understand the
issues involved, then you are not qualified to be writing code which
runs as root.

Reading & understanding Apple's fairly comprehensive documentation on
the subject, and reading and understanding their sample code
(MoreAuthSample) is probably a pre-requisite for understanding the
issues involved.

-- Finlay