AuthorizationExecuteWithPrivileges() 作为 root 错误

发布于 2024-11-01 05:41:20 字数 1361 浏览 1 评论 0原文

我是可可的初学者...

我只想在我的可可应用程序中启动 Apache 和其他进程。

这是我的代码：

    OSStatus myStatus;
    AuthorizationFlags myFlags = kAuthorizationFlagDefaults;
    AuthorizationRef myAuthorizationRef;
    FILE *pipe = NULL;
    myStatus = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment, myFlags, &myAuthorizationRef);
    AuthorizationItem myItems = {kAuthorizationRightExecute, 0, NULL, 0};
    AuthorizationRights myRights = {1, &myItems};
    myFlags = kAuthorizationFlagDefaults | 
    kAuthorizationFlagInteractionAllowed |
    kAuthorizationFlagPreAuthorize |
    kAuthorizationFlagExtendRights;
    myStatus = AuthorizationCopyPrivilegedReference (&myAuthorizationRef,kAuthorizationFlagDefaults);
    myStatus = AuthorizationCopyRights (myAuthorizationRef,&myRights, NULL, myFlags, NULL ); 

    char *tool = "/usr/sbin/apachectl";
    char *args[] = { "start",NULL} ;    

    myStatus = AuthorizationExecuteWithPrivileges(myAuthorizationRef, tool, kAuthorizationFlagDefaults, args, &pipe);
    char c[100];
    int n=fread(c,1,100,pipe);
    c[n] = '\0';
    NSLog(@"%s\n",c);

结果：此操作需要 root
当我运行'whoami'时，我' root' 但当我运行 getuid() 时，我是 '501'...

我尝试使用 setuid(0);但它没有设置！！
你能帮助我吗？
谢谢

原文

I am a beginner in cocoa...

I just want to start Apache and other process in my Cocoa App.

Here is my code :

    OSStatus myStatus;
    AuthorizationFlags myFlags = kAuthorizationFlagDefaults;
    AuthorizationRef myAuthorizationRef;
    FILE *pipe = NULL;
    myStatus = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment, myFlags, &myAuthorizationRef);
    AuthorizationItem myItems = {kAuthorizationRightExecute, 0, NULL, 0};
    AuthorizationRights myRights = {1, &myItems};
    myFlags = kAuthorizationFlagDefaults | 
    kAuthorizationFlagInteractionAllowed |
    kAuthorizationFlagPreAuthorize |
    kAuthorizationFlagExtendRights;
    myStatus = AuthorizationCopyPrivilegedReference (&myAuthorizationRef,kAuthorizationFlagDefaults);
    myStatus = AuthorizationCopyRights (myAuthorizationRef,&myRights, NULL, myFlags, NULL ); 

    char *tool = "/usr/sbin/apachectl";
    char *args[] = { "start",NULL} ;    

    myStatus = AuthorizationExecuteWithPrivileges(myAuthorizationRef, tool, kAuthorizationFlagDefaults, args, &pipe);
    char c[100];
    int n=fread(c,1,100,pipe);
    c[n] = '\0';
    NSLog(@"%s\n",c);

theResult : This operation requires root
When I run a 'whoami', I'm 'root' but when I run a getuid(), I'm '501'...

I try to use setuid(0); But it doesn't set !!
Can you help me?
Thanks

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

像极了他 2024-11-08 05:41:21

我将在 /etc/sudoers 中定义 uid=501 访问 /usr/sbin/apachectl 的用户的访问权限，并在代码中执行“sudo /usr/sbin/apachectl”而不是 /usr/sbin/apachectl 。

回复收藏 0 原文

游魂 2024-11-08 05:41:21

我面临着完全相同的问题！
whoami 返回“root”而 root 命令返回“root required”，这太疯狂了！
sudoers 解决方案可能有效，但我认为我们必须搜索 setuid 位，如此处所写 https://github.com/notbrien/OSXSlightlyBetterAuth/blob/master/OSXSlightlyBetterAuth.m#L94

回复收藏 0 原文

瑕疵 2024-11-08 05:41:20

我有同样的问题。 AuthorizationExecuteWithPrivileges 允许您将权限升级为 root，但不会自动执行（我想保留用户会话或其他）。

我最终制作了一个通用可执行文件，该可执行文件将通过 AuthorizationExecuteWithPrivileges 运行，然后该可执行文件会将 uid 设置为 root，然后执行您实际上想要以 root 身份运行的进程。

以下是 setuid 包装器可执行文件的源代码：

#include <stdio.h>

int main(int argc, char** argv) {
  if (argc < 2) {
    printf("not enough arguments\n");
    return -1;
  }
  if (0 != setuid(0)) {
    printf("setuid failed.\n");
    return -3;
  }
  int i;
  char** argvz = (char**)malloc(sizeof(char*) * (argc - 1));
  for (i = 1; i < argc; i++) {
    argvz[i - 1] = argv[i];
  }

  execv(argv[1], argvz);
  printf("execv returned?\n");
  return -2;
}

然后，基本上运行（通过 AuthorizationExecuteWithPrivileges 调用它）：

setuid my-program-to-run and arguments to pass

它将 setuid 作为 root，然后使用给定的参数运行有问题的程序。

请注意，您必须从AuthorizationExecuteWithPrivileges调用setuid，因为只有AuthorizationExecuteWithPrivileges创建的pid才会具有升级的权限（并且setuid将执行并用您自己的进程替换该进程）。

I had this exact same problem. AuthorizationExecuteWithPrivileges allows you escalate your permission to root, but does not do it automatically (I guess to preserve the user session or whatever).

I ended up making a generic executable that would be run via AuthorizationExecuteWithPrivileges, and then that executable would setuid to root, and then exec the process you actually want to run as root.

Here's the source for the setuid wrapper executable:

#include <stdio.h>

int main(int argc, char** argv) {
  if (argc < 2) {
    printf("not enough arguments\n");
    return -1;
  }
  if (0 != setuid(0)) {
    printf("setuid failed.\n");
    return -3;
  }
  int i;
  char** argvz = (char**)malloc(sizeof(char*) * (argc - 1));
  for (i = 1; i < argc; i++) {
    argvz[i - 1] = argv[i];
  }

  execv(argv[1], argvz);
  printf("execv returned?\n");
  return -2;
}

Then, basically run (calling it via AuthorizationExecuteWithPrivileges) it as:

setuid my-program-to-run and arguments to pass

It will setuid as root, and then run the program in question with the args given.

Note that you must call setuid from AuthorizationExecuteWithPrivileges As only the pid that was created by AuthorizationExecuteWithPrivileges will have escalated privileges (and setuid will exec and replace the process with your own).

回复收藏 0 原文

~没有更多了~