Is it worth persevering with Macports_Framework?

Ian Wadham at
Wed Feb 13 21:35:21 PST 2013

On 12/02/2013, at 9:03 PM, Rainer Müller wrote:
> On 2013-02-12 05:29, Guido Soranzio wrote:
>> On 11/02/2013, Ian Wadham wrote:
>>> I see that Cocoa has NSTask and NSPipe classes and that Guido's
>>> Guigna app is using them in its GuignaAgent class.  I also like this approach
>>> because there is loose binding between the processes.
>> A more canonical approach would require to implement a helper tool since
>> MacPorts needs root privileges. As of Snow Leopard and beyond, the
>> ServiceManagement.framework is the preferred method of managing
>> privilege escalation on Mac OS X and should be used instead of
>> earlier approaches such as BetterAuthorizationSample or directly calling AuthorizationExecuteWithPrivileges:
>> <>.
> The MacPorts.framework has a helper tool which bases its authorization
> on BetterAuthorizationSample [1].

There are helpers and helpers …  I think the helper in ServiceManagement
is some kind of middle man to prevent spoofing or masquerading of the
front-end GUI to obtain unauthorised access to the Apple system.  In our
case, we are protecting Macports with sudo.  Also the helper for Pallet
uses a now-deprecated Apple facility (BetterAuthorizationSampleLib) and
seems to get security functions intertwined with access to the Macports
library code in a way that is very hard to follow.

Another approach I have come across on forums is to use:

    NSString *script =  @"do shell script \"<some macports command>\" with administrator privileges";
    NSAppleScript *appleScript = [[NSAppleScript new] initWithSource:script];

If the Macports command requires sudo, you get the usual Apple popup
for entering an admin password.

>> Porticus had a very solid management of privileged processes
>> and that's why I petitioned its author to open source it:
>> < downloads/>.
>> Unfortunately Richard Laing hadn't the time to transition
>> Porticus to OS X Lion and I decided for a totally different route.
> Thanks for reminding us that this code is available!

I've downloaded that too, a few minutes ago, just to have a look.

Cheers, Ian W.

More information about the macports-dev mailing list