Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Programmatically elevate privileges for writes #2

Closed
beltex opened this issue Aug 16, 2014 · 4 comments
Closed

Programmatically elevate privileges for writes #2

beltex opened this issue Aug 16, 2014 · 4 comments
Labels
enhancement

Comments

@beltex
Copy link
Owner

beltex commented Aug 16, 2014

Writing to the SMC requires root (setFanRPM() for example). Currently, this is done by simply running the process as root (sudo). Instead we want to do this programmatically, prompting the user for privileges (credentials).

See "Elevating Privileges Safely" Apple doc.
@beltex
Copy link
Owner Author

beltex commented Aug 28, 2014

Update

AuthorizationExecuteWithPrivileges() was deprecated in 10.7 and doesn't look to be available any longer in 10.9+ (at least for Swift, seems to be available to Objective-C code though - see smcFanControl. Have to look into this further), which Swift requires. So using Authorization Services doesn't look like an option anymore. In addition:

"The reason why AEWP was deprecated is because it's whole security model is hopelessly broken. That makes providing a drop-in replacement somewhat pointless, in that it would just add back in the broken security." -via Apple dev forums

The new recommended approach it seems is to write a privileged helper thats invoked via launchd. See Apple's sample project, SMJobBless. However, this will require a cert from Apple for code signing that will carry a yearly fee (have to look into this further). Thus, if there is a way to integrate a helper that can be optionally used (turned easily off for those that don't have there own cert), this approach can be taken. Or, possibly just distribute the framework as a binary (signed already of course). But this is currently problematic with Swift and will cause issues for those trying to contribute to the project (faced with the same cert issue again). Otherwise, privileges are simply left up to the client, which is not entirely unreasonable (this currently only affects setFanRPM()).

For more see:

@beltex beltex mentioned this issue Sep 16, 2014
Open
@beltex
Copy link
Owner Author

beltex commented Nov 1, 2014

TODO: See SFAuthorization, may be of use

@beltex
Copy link
Owner Author

beltex commented Apr 21, 2015

Closing this for now. Consensus at this time is to simply leave this to the client, which as mentioned before is not unreasonable. Keeps SMCKit code clean, and in any non-trivial situation, client would want to handle auth anyway since its sensitive. For all other cases, trivial ones that is, sudo does the job.

@beltex beltex closed this as completed Apr 21, 2015
@beltex
Copy link
Owner Author

beltex commented Jun 10, 2015

As a followup on this, with 10.11's new System Integrity Protection feature, things are getting lockdown further, reinforces the point that its up to the client to handle privileges. I'm not even sure that privileged helpers will work either anymore. Tracking this in beltex/dshb#27

@kentron kentron mentioned this issue Apr 5, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@beltex