views:

1846

answers:

3

I am thinking about the design of an iPhone app I'd like to create. One possible problem is that this application will have to run as root (to access certain network ports). In a typical UNIX app, I'd just get the app to run with setuid, but I'm wondering if that is possible with an iPhone app.

I've read this question in Apple's forum, which is discouraging:

http://discussions.apple.com/thread.jspa?threadID=1664575

I understand that Apple wants to limit what a program can do, but there are plenty of good, legitimate reasons for a user to run a program with elevated privileges. I'm not trying to create a hacker tool here.

I'm sure I could get around this on a jail-broken iPhone, but that's not what I'm after. Is there any way to run an app with elevated privileges on an unbroken iPhone?

(BTW, there is no need to warn me about the NDA.)

+5  A: 

Section 3.3.4 of the iPhone SDK Agreement suggests that you mustn't work outside your sandbox.

Given that Apple has been somewhat arbitrary on which applications they permit, you should definitely double-check with them before you start developing.

Compared to 2.0.x, the sandbox restrictions have actually increased in 2.1; you can no longer even read from another application's sandbox. So, even if it currently is possible to elevate your app's privileges, it very likely won't be in a future release.

Sören Kuklau
+2  A: 

The only options you have is

  1. Run the application as root on the iphone

  2. Set the applications setuid bit and owner root.

I can't see any of them being blessed by Apple.

I guess it depends on what you want to do with the privileges, if you're lucky there might be more fine grained privileges available, but afaik you have to choose a port above 1024.

asksol
+1  A: 

Doesn't matter one bit if you can do this on your normal desktop computer. The iPhone is not a normal desktop computer.

Unlike a desktop computer, the only way to get an application on the iPhone without a jailbreak is to get it from the App Store. The only way to get on the App Store is to follow Apple's rules, and Apple's rules clearly include "no privilege escalation", "no escaping the sandbox", and "no accessing network ports outside the existing, provided APIs".

What you want to do is not possible.

ceejayoz