I am working on an application that should use dd (I do this with a shell script in the application bundle that collects parameters from the application itself, performs some checks, and then runs dd).
To perform this operation, I need to call dd with the root, and I have already covered several solutions in StackOverflow. The simplest tools seemed to me this http://www.sveinbjorn.org/STPrivilegedTask
The problem is that my NSTask does some complex read / write operations (not present in STPrivilegedTask) and does not have to be privileged.
So, I wrote a little helper in c that calls my script with the correct parameters from my application. The solution, I thought, was to use STPrivilegedTask for SUID as soon as my little helper, so I can run it (and thus my script and dd) using root, and soon after the successful launch, I returned the helper tool, SUID (and I do the same if there is any error when exiting the application, starting the application, etc., to be more secure).
I implemented it and worked fine, maybe itβs not perfect, but I think that everything inside the package and working with the assistant in SUID just sounds quite safe to run.
Any thoughts?
Thanks!
source share