On Wed, Aug 27, 2008 at 8:36 AM, Quinn <eskimo1@apple.com> wrote:
At 8:24 -0700 27/8/08, Shawn Erickson wrote:
Sorry the guy that has been playing around with this isn't in just yet so I don't know the exact specifics but... It is my understanding he is using authorization services to run a script and that script is removing files, etc. just fine but launchctl running from under that script cannot see the top level launchctl instance to remove the launch daemon job. I believe he used id in the script as it logged the current user.
OK, this sounds like one of the standard gotchas with AuthorizationExecutionWithPrivileges; it runs the resulting program with EUID == 0 but RUID inherited from the process that called AEWP <rdar://problem/4098710>, and launchctl is getting confused by the RUID.
Ah that likely explains what he saw. Thanks
If you were writing real code I would recommend:
1. don't use a script, use a C-based tool
2. in that tool call setuid(0) to force the RUID to 0
However, given that you're just putting in a temporary hack then I'll recommend the following trick:
$ chroot -u 0 / launchctl <args>
which converts an EUID == 0 / RUID != 0 context into a EUID == RUID == 0. Sneaky huh?
Interesting. Thanks again.
IMPORTANT: Please don't leave these hacks in your production code. In my experience "temporary + work == permanent".
Yup they have a way of doing that luckily this component is throw away, at least in this form. -Shawn