FROM : Chris Hanson
DATE : Mon Mar 24 01:07:17 2008
On Mar 22, 2008, at 9:03 AM, JanakiRam wrote:
> I've used Authorization Services to
> perform unload of Launch Daemon ( privileged action ).
Authorization Services isn't meant to be used in the way you're using
it. You're using AuthorizationExecuteWithPrivileges to perform an
arbitrary operation as root. That's bad.
Instead, you should:
(1) Use Authorization Services to create an authorization reference
for the right to unload your daemon.
(2) Use NSTask to run a setuid-root helper tool you've written that
can only unload your daemon.
(3) Pass the externalized form of the authorization reference from #1
over a pipe to the task in #2.
(4) Verify in the task from #2 that the authorization reference
actually confers the appropriate right.
(5) Unload the daemon.
If the setuid helper tool isn't setuid-root,
AuthorizationExecuteWithPrivileges should be used to fix that from
within the tool itself -- in other words, the helper tool should be
self-repairing.
This is all described in "Performing Privileged Operations With
Authorization Services" at <http://developer.apple.com/documentation/Security/Conceptual/authorization_concepts/01introduction/chapter_1_section_1.html>.
Everyone who wants to perform privileged operations MUST read and
understand this document completely before attempting to write code to
do so, to preserve the security of their users' systems.
-- Chris
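What the five steps above look like in code, as an added example that is not part of the mailing-list post and not Apple's sample code. The right name, the helper's install path, the daemon's plist path and the exit-status convention between app and helper are all assumptions made up for this example; the custom right is assumed to be registered in the authorization policy database (an unregistered right falls under the database's default rule). The first file is the Cocoa application, the second the small setuid-root helper it launches over NSTask; the helper also covers the self-repair case from the last paragraph. The app never runs anything as root itself; it only proves to the helper that it holds the right, and the helper can only do one thing.

```objective-c
// ===== File 1: the application side (Objective-C with ARC; link Foundation and Security) =====
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#define kUnloadRight "com.example.myapp.unload-daemon"   // assumed: a right registered in the policy database
#define kHelperPath  @"/Library/PrivilegedHelperTools/com.example.myapp.unloadhelper"   // assumed install path

// Step (1): create an authorization reference and obtain the unload right in the GUI app.
static OSStatus AcquireUnloadRight(AuthorizationRef *outAuth) {
    OSStatus err = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment, kAuthorizationFlagDefaults, outAuth);
    if (err != errAuthorizationSuccess) return err;
    AuthorizationItem item = { kUnloadRight, 0, NULL, 0 };
    AuthorizationRights rights = { 1, &item };
    // Only the app may prompt the user; the helper later re-checks the right without interaction.
    err = AuthorizationCopyRights(*outAuth, &rights, kAuthorizationEmptyEnvironment,
                                  kAuthorizationFlagInteractionAllowed | kAuthorizationFlagExtendRights, NULL);
    if (err != errAuthorizationSuccess) { AuthorizationFree(*outAuth, kAuthorizationFlagDefaults); *outAuth = NULL; }
    return err;
}

// Steps (2) and (3): externalize the reference, run the setuid-root helper with NSTask, and write
// the external form to its stdin. Exit status 4 is the helper's "setuid bit repaired, run me again".
static int RunHelper(AuthorizationRef auth) {
    AuthorizationExternalForm form;
    if (AuthorizationMakeExternalForm(auth, &form) != errAuthorizationSuccess) return -1;
    NSTask *task = [[NSTask alloc] init];
    NSPipe *stdinPipe = [NSPipe pipe];
    [task setLaunchPath:kHelperPath];
    [task setStandardInput:stdinPipe];
    [task launch];
    [[stdinPipe fileHandleForWriting] writeData:[NSData dataWithBytes:&form length:sizeof form]];
    [[stdinPipe fileHandleForWriting] closeFile];
    [task waitUntilExit];
    return [task terminationStatus];
}

int main(void) {
    @autoreleasepool {
        AuthorizationRef auth = NULL;
        if (AcquireUnloadRight(&auth) != errAuthorizationSuccess) return 1;
        int status = RunHelper(auth);
        if (status == 4) status = RunHelper(auth);   // one retry after self-repair
        // Keep the reference alive until the helper is done: the external form is only a handle to it.
        AuthorizationFree(auth, kAuthorizationFlagDefaults);
        return status;
    }
}

// ===== File 2: the helper tool (C; link Security; installed root:wheel, mode 4755) =====
#include <Security/Security.h>
#include <stdio.h>
#include <unistd.h>
#define kUnloadRight "com.example.myapp.unload-daemon"
#define kHelperPath  "/Library/PrivilegedHelperTools/com.example.myapp.unloadhelper"
#define kDaemonPlist "/Library/LaunchDaemons/com.example.myapp.daemon.plist"   // assumed daemon plist

// Self-repair for the non-setuid case: use AuthorizationExecuteWithPrivileges to restore root:wheel 4755
// on the fixed install path (never argv[0], which the caller controls), then let the app retry.
static int SelfRepair(AuthorizationRef auth) {
    char *chownArgs[] = { "root:wheel", kHelperPath, NULL };
    char *chmodArgs[] = { "4755", kHelperPath, NULL };
    const char *tools[] = { "/usr/sbin/chown", "/bin/chmod" };
    char *const *args[] = { chownArgs, chmodArgs };
    for (int i = 0; i < 2; i++) {
        FILE *out = NULL;
        if (AuthorizationExecuteWithPrivileges(auth, tools[i], kAuthorizationFlagDefaults, args[i], &out)
            != errAuthorizationSuccess) return -1;
        char buf[64];
        while (fread(buf, 1, sizeof buf, out) > 0) {}   // EOF on the pipe means the privileged child exited
        fclose(out);
    }
    return 0;
}

int main(void) {
    AuthorizationExternalForm form;
    AuthorizationRef auth = NULL;
    // Receiving end of step (3): exactly one external form arrives on stdin.
    if (fread(&form, sizeof form, 1, stdin) != 1 ||
        AuthorizationCreateFromExternalForm(&form, &auth) != errAuthorizationSuccess) return 2;
    // Step (4): the reference must actually confer our right. No InteractionAllowed here: a helper cannot
    // prompt, and a caller that lacks the right gets a refusal rather than a password dialog.
    AuthorizationItem item = { kUnloadRight, 0, NULL, 0 };
    AuthorizationRights rights = { 1, &item };
    OSStatus err = AuthorizationCopyRights(auth, &rights, kAuthorizationEmptyEnvironment,
                                           kAuthorizationFlagExtendRights, NULL);
    if (err != errAuthorizationSuccess) { AuthorizationFree(auth, kAuthorizationFlagDefaults); return 3; }
    if (geteuid() != 0) {                  // setuid bit missing: repair and ask the app to retry
        int rc = SelfRepair(auth);
        AuthorizationFree(auth, kAuthorizationFlagDefaults);
        return rc == 0 ? 4 : 5;
    }
    AuthorizationFree(auth, kAuthorizationFlagDefaults);
    // Step (5): become root for real, drop the caller's environment, and do the single job this tool exists for.
    if (setuid(0) != 0) return 6;
    char *const argv[] = { "launchctl", "unload", kDaemonPlist, NULL };
    char *const envp[] = { "PATH=/usr/bin:/bin:/usr/sbin:/sbin", NULL };
    execve("/bin/launchctl", argv, envp);
    return 7;                              // only reached if execve failed
}
```

Build each file with clang and -framework Security (the app additionally with -framework Foundation and -fobjc-arc) and install the helper root:wheel 4755 at the assumed path. The helper exits 3 for any caller whose external form does not carry the right, including one that externalized a freshly created, unauthenticated AuthorizationRef, so possessing the setuid binary buys an attacker nothing by itself. AuthorizationExecuteWithPrivileges appears only in the self-repair path, the one use the post allows; that function has since been deprecated, and on current systems the helper would be installed through launchd instead, but the verify-the-right-in-the-helper discipline is unchanged.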
Related mails

| Author | Date |
|---|---|
| JanakiRam | Mar 22, 17:03 |
| JanakiRam | Mar 23, 15:00 |
| Jens Alfke | Mar 23, 16:52 |
| JanakiRam | Mar 23, 18:17 |
| Chris Hanson | Mar 24, 01:07 |
Cocoa mail archive