discuss-gnustep

Re: Preferences.app vs Configure.app; was Re: ANN: GNUtooth, Bluetooth


From: Jeff Teunissen
Subject: Re: Preferences.app vs Configure.app; was Re: ANN: GNUtooth, Bluetooth 'support' for GNUstep
Date: Thu, 15 May 2003 05:09:53 -0400

Helge Hess wrote:
> 
> Jeff Teunissen wrote:
> > Finally, I will not implement support for entering the admin/root
> > password to gain access to functionality. This would require that the
> > application be setuid root, which opens up a huge number of potential
> > security problems, given that a user may install his/her own modules,
> > such as:
> >
> > if (geteuid () == 0) {
> >       NSTask *task = [NSTask launchedTaskWithLaunchPath: @"/bin/rm"
> >       arguments: [NSArray arrayWithObjects: @"-rf", "/"]];
> > }
> 
> No, it doesn't. MacOSX uses the Security.framework which AFAIK relies on
> 'sudo' which in turn won't allow a user to run arbitrary scripts (and
> especially not rm ;-).

I didn't bring Mac OS into it. I also covered the case of using an
external program to manage stuff in my mail:

> > Going the other route, of calling another program to handle settings
> > once the password is entered, is an ugly hack and one that I strongly
> > advise against (because it also opens up MitM[1] security problems).

[snip]

-- 
| Jeff Teunissen  -=-  Pres., Dusk To Dawn Computing  -=-  deek @ d2dc.net
| GPG: 1024D/9840105A   7102 808A 7733 C2F3 097B  161B 9222 DAB8 9840 105A
| Core developer, The QuakeForge Project        http://www.quakeforge.net/
| Specializing in Debian GNU/Linux              http://www.d2dc.net/~deek/



