Problem description
I am wondering if it is possible for a command line application to request root access, like trying to call itself with sudo.
I am looking for a solution that would allow writing applications that require sudo privileges if it is needed.
It doesn't have to request root access always, only if needed.
Recommended answer
Options:
- it could setuid(0), but only if it already has been invoked by root and so has a real UID of 0 and an effective UID of somebody else.
- it could try to exec the sudo or su command and have itself run under UID 0, but only if sudo is configured to allow that (which normally requires that the user submit to authentication, as there will be an authorization check).
- it could try to launch a new copy of itself via AuthorizationExecWithPrivileges(), but this again requires that the user submit to authn.
- it could have been installed with a launchd job that it can communicate with in the system launchd context. Communicating with that job would cause launchd to invoke it, and presumably it's configured to run under the root user. Now for this to come about, the job needs to have already been deployed: either via an installer (in which case the user authenticated) or via the Service Management framework's SMJobBless() API (again, the user will need authentication to approve that).
- it could make use of someone else's badly-written launchd job to have that job execute itself with UID 0. As noted, this involves having a badly-written launchd job knocking around.
So essentially it is possible, through a number of options, but all of the reliable ones require that the user authenticate and that the tool already be deployed in such a way as it can run in the root context. I actually wrote a whole book about this stuff...see particularly Chapter 6 of Professional Cocoa Application Security.
Notice that all of the options except setuid (which I don't recommend you use) actually involved a fork() to create a separate process, whether by the calling process or by launchd. That means you can actually have two separate executables: one that the user interacts with, and one that performs privileged tasks. That's a better design than putting all of the functionality in one application so I'd recommend that approach.
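A sketch of the sudo option combined with the two-executable design described in the answer, added here as an example and not taken from the answer or its author: an unprivileged front end execs a separate helper through sudo only when it is not already root. The helper path, the sudo path and the function names are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical install locations (assumptions, not from the original answer). */
#define SUDO_PATH   "/usr/bin/sudo"
#define HELPER_PATH "/usr/local/libexec/mytool-helper"

/* Build {sudo, "--", helper, task args..., NULL}. "--" ends sudo's own
 * option parsing, so a task argument can never be read as a sudo flag.
 * Returns a malloc'd vector the caller frees, or NULL on failure. */
char **build_sudo_argv(const char *helper, int nargs, char *const args[])
{
    if (helper == NULL || helper[0] != '/' || nargs < 0)
        return NULL;                 /* absolute path only: no PATH lookup */
    char **v = malloc(((size_t)nargs + 4) * sizeof *v);
    if (v == NULL)
        return NULL;
    v[0] = (char *)SUDO_PATH;
    v[1] = (char *)"--";
    v[2] = (char *)helper;
    for (int i = 0; i < nargs; i++)
        v[3 + i] = args[i];
    v[3 + nargs] = NULL;
    return v;
}

/* Run the privileged task: directly if already root, through sudo otherwise.
 * Only returns on failure, because a successful execv replaces this process. */
int run_privileged(int nargs, char *const args[])
{
    char **v = build_sudo_argv(HELPER_PATH, nargs, args);
    if (v == NULL)
        return -1;
    if (geteuid() == 0)
        execv(HELPER_PATH, v + 2);   /* v + 2 is {helper, args..., NULL} */
    else
        execv(SUDO_PATH, v);         /* sudo performs the authentication */
    perror("execv");
    free(v);
    return -1;
}

int main(int argc, char *argv[])
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s <task> [args...]\n", argv[0]);
        return 2;
    }
    /* Unprivileged work would happen here; escalate only for the task. */
    return run_privileged(argc - 1, argv + 1) == 0 ? 0 : 1;
}
```

Whether the sudo call succeeds still depends on the sudoers policy and on the user authenticating, as the answer notes.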