Privilege escalation method currently supported

Question

Privilege escalation method currently supported

Can someone shed light on the currently supported and recommend ways to increase privileges in the auxiliary tool?

As far as I understand, the following methods are not supported by Apple:

UIP
AuthorizationExecuteWithPrivileges ()

I am looking for a way to run / usr / sbin / softwareupdate and put the launch in / Library / LaunchDaemons.

Any documentation or sample code will be appreciated.

+6

objective-c cocoa osx-snow-leopard macos

Andy boutte Jul 11 '11 at 1:12

source share

2 answers

Philippe · Answer 1 · 2011-07-11T01:56:47+0000

The new officially supported method introduced in 10.6 is called SMJobBless (). However, there is very little documentation on it; A quick Google search revealed several blog posts.

David gelhar · Answer 2 · 2011-07-11T01:55:54+0000

As you say, Apple recommends avoiding the setuid and AuthorizationExecuteWithPrivileges binaries for security reasons. Apparently, the recommended approach is to run a privileged auxiliary tool (on demand) using startup, contact this assistant from your application using IPC through a Unix domain socket. A privileged assistant will be launched using the launch with the necessary privileges

BetterAuthorizationSample sample code example gives an example of this.

Privilege escalation method currently supported

More articles: