Hi everybody, I'm having problems understanding how to authorize my program to perform privileged tasks.

I read the Apple documentation and wrote this piece of code:

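// Uses the Authorization Services API declared in <Security/Authorization.h>.

// Create an empty authorization reference (no rights requested yet).
AuthorizationRef myAuthorizationRef;
OSStatus myStatus = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment, kAuthorizationFlagDefaults, &myAuthorizationRef);

// Describe the single right being requested.
AuthorizationItem myItem;

myItem.name = "com.Me.myApp.test";
myItem.valueLength = 0;
myItem.value = NULL;
myItem.flags = 0;

AuthorizationRights myRights;

myRights.count = 1;
myRights.items = &myItem;

// Allow user interaction and extend the rights held by the reference.
AuthorizationFlags myFlags = kAuthorizationFlagDefaults |
                             kAuthorizationFlagInteractionAllowed |
                             kAuthorizationFlagExtendRights;

// Request the right; myStatus is errAuthorizationSuccess if it was granted.
myStatus = AuthorizationCopyRights(myAuthorizationRef, &myRights, kAuthorizationEmptyEnvironment, myFlags, NULL);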

After calling AuthorizationCopyRights I should be able to perform privileged tasks, right? Is there still something I've got to do?

A: 

The right you are requesting, com.Me.myApp.test, is not a privileged right, and so acquiring it does not give your application elevated permissions. However, that is a good thing -- you don't want your Cocoa app to have elevated privileges because of Input Managers. This deprecated technology permits anyone to load arbitrary code into your application, so if you elevate the privileges of your app, it becomes an attack vector.

A better approach is to write a helper tool. See Apple's guide to secure coding and using a helper tool.

Richard