Is it worth persevering with Macports_Framework?
Ian Wadham
iandw.au at gmail.com
Wed Feb 13 21:35:21 PST 2013
On 12/02/2013, at 9:03 PM, Rainer Müller wrote:
> On 2013-02-12 05:29, Guido Soranzio wrote:
>> On 11/02/2013, Ian Wadham wrote:
>>> I see that Cocoa has NSTask and NSPipe classes and that Guido's
>>> Guigna app is using them in its GuignaAgent class. I also like this approach
>>> because there is loose binding between the processes.
>>
>> A more canonical approach would require implementing a helper tool since
>> MacPorts needs root privileges. As of Snow Leopard and beyond, the
>> ServiceManagement.framework is the preferred method of managing
>> privilege escalation on Mac OS X and should be used instead of
>> earlier approaches such as BetterAuthorizationSample or directly calling AuthorizationExecuteWithPrivileges:
>> <http://developer.apple.com/library/mac/#samplecode/SMJobBless/Introduction/Intro.html>.
>
> The MacPorts.framework has a helper tool which bases its authorization
> on BetterAuthorizationSample [1].
There are helpers and helpers … I think the helper in ServiceManagement
is some kind of middle man to prevent spoofing or masquerading of the
front-end GUI to obtain unauthorised access to the Apple system. In our
case, we are protecting MacPorts with sudo. Also the helper for Pallet
uses a now-deprecated Apple facility (BetterAuthorizationSampleLib) and
seems to get security functions intertwined with access to the MacPorts
library code in a way that is very hard to follow.
Another approach I have come across on forums is to use:
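    // AppleScript source that runs the command as root via "do shell script".
    NSString *script = @"do shell script \"<some macports command>\" with administrator privileges";
    // Use alloc/initWithSource: (calling +new first would initialise the object twice).
    NSAppleScript *appleScript = [[NSAppleScript alloc] initWithSource:script];
If the MacPorts command requires sudo, you get the usual Apple popup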
for entering an admin password.
>> Porticus had a very solid management of privileged processes
>> and that's why I petitioned its author to open source it:
>> <http://porticus.alittledrop.com/downloads/Porticus.zip>.
>> Unfortunately Richard Laing hadn't the time to transition
>> Porticus to OS X Lion and I decided for a totally different route.
>
> Thanks for reminding us that this code is available!
I've downloaded that too, a few minutes ago, just to have a look.
Cheers, Ian W.
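
Added example, not part of the original message and not code from MacPorts, Pallet or Guigna: when the "do shell script ... with administrator privileges" approach takes a port name from the GUI, that name ends up in a shell running as root, so it should be validated and quoted before the script source is built. The helper names, the character allowlist and the /opt/local/bin/port path (the default MacPorts prefix) are assumptions made for this sketch.

```objc
#import <Foundation/Foundation.h>

// Assumption: a conservative allowlist for port names (not MacPorts' own rule).
static BOOL IsSafePortName(NSString *name) {
    if (name.length == 0 || name.length > 128) return NO;
    if ([name hasPrefix:@"-"]) return NO;  // would be parsed as an option
    NSCharacterSet *bad = [[NSCharacterSet characterSetWithCharactersInString:
        @"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+-_."]
        invertedSet];
    return [name rangeOfCharacterFromSet:bad].location == NSNotFound;
}

// Escape a value for use inside an AppleScript string literal.
static NSString *AppleScriptLiteral(NSString *s) {
    s = [s stringByReplacingOccurrencesOfString:@"\\" withString:@"\\\\"];
    s = [s stringByReplacingOccurrencesOfString:@"\"" withString:@"\\\""];
    return [NSString stringWithFormat:@"\"%@\"", s];
}

// Build the script source, or return nil if the name fails validation.
// "quoted form of" makes AppleScript shell-quote the argument itself.
// Assumption: MacPorts is installed under its default prefix, /opt/local.
static NSString *BuildInstallScript(NSString *portName) {
    if (!IsSafePortName(portName)) return nil;
    return [NSString stringWithFormat:
        @"do shell script (\"/opt/local/bin/port install \" & quoted form of %@) "
        @"with administrator privileges", AppleScriptLiteral(portName)];
}

// Runs the script; macOS shows the admin-password prompt. Not called in main().
static BOOL RunScript(NSString *source) {
    NSDictionary *errorInfo = nil;
    NSAppleScript *script = [[NSAppleScript alloc] initWithSource:source];
    return [script executeAndReturnError:&errorInfo] != nil;
}

int main(void) {
    @autoreleasepool {
        // Constructed sample inputs: one ordinary name, two that must be rejected.
        for (NSString *name in @[@"zlib", @"zlib; id", @"-v"]) {
            NSString *src = BuildInstallScript(name);
            NSLog(@"%@ -> %@", name, src ?: @"rejected");
        }
        (void)RunScript;  // referenced only to avoid an unused-function warning
    }
    return 0;
}
```

Build with `clang -framework Foundation`; main() only logs the generated script source, so no password prompt appears.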