0

I am writing a program that needs to write a plist file that's owned by root.

The way to create the file is apparently using authopen with the -w option. The problem is that authopen takes its input from stdin (or sends its permissions back using the SCM_RIGHTS extension to the calling process). There's also an option that uses something called the "Authorization External Form" structure which I don't quite understand.

In any event, what I would like to do is write my plist to a temporary file and then to use authopen or a similar authorization mechanism to do a privileged rename of the file in question.

So I need a way to either:

  1. Write the NSDictionary to a pipe, rather than to a file.
  2. Write the NSDictionary to a file, then provide that file to the authopen process as stdin.
  3. Use authopen to do a rename

or something else.

Is there any code for doing this?

Thanks.

vy32
  • 28,461
  • 37
  • 122
  • 246
  • What plist? Who is running your program? Would it make sense to just run your program with elevated privileges? – jtbandes Sep 20 '15 at 20:37
  • I've read the plist into a NSMutableDictionary, made some changes, and want to write it back out. No, it doesn't make sense to run the program with elevated privileges. That's bad programming practice. You want to minimize the use of privileges, per Apple documentation. https://developer.apple.com/library/mac/documentation/Security/Conceptual/SecureCodingGuide/Articles/AccessControl.html – vy32 Sep 20 '15 at 20:39
  • How about `fileHandleWithStandardOutput`/`printf`, and `cat .. | authopen -w`? – jtbandes Sep 20 '15 at 20:45
  • @jtbandes the problem with that approach is that it creates a temporary file that is then trusted and sent to a root process. This creates a security vulnerability called TOCTOU. – vy32 Sep 21 '15 at 00:27
  • Oh, another problem is that it requires a pipe for authopen, which means you need to run a subshell, rather than just running the process. – vy32 Sep 21 '15 at 00:28

0 Answers0