I'm working on an app that needs to use dd (I do this with a shell script in the app bundle, that collects parameters from the app itself, makes some checks and then launches dd).
To make this operation I need to call dd with root, and I already looked at several solutions on StackOverflow. The simplest to implements seemed to me this one http://www.sveinbjorn.org/STPrivilegedTask
Problem is that my NSTask makes some complex read/write operations (not present in STPrivilegedTask) and does not need to be all privileged.
So I wrote a small helper tool in c that calls my script with correct parameters from my app. The solution I thought is to use the STPrivilegedTask to SUID once the fly my small helper tool, so I can launch it (and so my script and dd) with root, and soon after successful launch I set back the helper tool to non SUID (and I do the same if any error, on app exit, app start etc.. to be safer).
I implemented it and works quite well, maybe it's not perfect but I think that being all inside the bundle, and working with the helper tool in SUID just for the launch sounds safe enough.
Any thoughts?
Thanks!
You can use a sandbox for running the new Process in your NSTask
sandbox-exec -f <profile> <command>
sandbox-exec -f my_profile.sb "/bin/dd -if=/dev/disks01 of=/dev/target"
You have some profile examples in here
/usr/share/sandbox/
You have to give enough access for dd to work, I haven't tried or checked what dd requires, I would start with something like this:
(version 1)
(deny default)
(debug deny)
(import "system.sb")
(allow file-read-data file-write-data file-ioctl (regex #"^/dev/.*$"))
(allow process-exec (literal "/usr/sbin/helper"))
Update: Worth mention, you can use sandbox-exec -p command
来源:https://stackoverflow.com/questions/5697454/nstask-command-line-tools-and-root