一个mac上的app需要在/Applications/My.app/Contents/MacOS路径下创建一个配置文件,在开启root权限的账户下运行时ok,但是在没有开启root权限的账户下运行时,创建文件会失败,报"Permission Denied"

花时间了解了一下mac上的应用提权,由于安全的原因,提权方式一直在调整,目前苹果推荐的方式是使用Security Manager,并提供了一个例子:SMJobBless

以下引用自stackoverflow http://stackoverflow.com/questions/18404884/c-show-osx-permission-dialog

"

Originally, Apple provided a function 'AuthorizationExecuteWithPrivileges' that allowed an application to launch another with root privileges. This has since been deprecated for security reasons.

The dialog here is a bit misleading. Apple provides authorization services that launches the dialog under various different situations, but usually from an application having called the function AuthorizationCopyRights, after having setup rules in an authorization database (the file at /etc/authorization) and having created the Authorization reference with AuthorizationCreate.

Security on OSX is split between a security daemon, a security agent and applications. An application can restrict features using this system, or request authorisation for the user to enter credentials so it can launch a privileged application, which is what you need to do.

It's important to note that the dialog has not been presented by the application, but by the Security Agent, which is solely responsible for the security GUI. The daemon actually processes the authorization.

Apple's method for elevation is to have all applications run with Standard User rights and should a privileged task be required, then this must be factored out into a separate application which is registered to run with launchd and given the elevated privileges. The example Apple provides isSMJobBless.

While the calling code of the example is written in Objective-C, the important functions are just C functions in the SMJobBlessAppController.m file, most notably AuthorizationCreate to create an authorisation reference and the code in the Objective-C function blessHelperWithLabel:error: at the bottom of the file.

Begin with this help document on SMJobBless, which details the process.

Finally, if you're using Qt, you'll need to include Apple's Security framework for the required function calls. To do that, just add the following to your .pro file: -

QMAKE_LFLAGS += -F /System/Library/Frameworks/Security.framework/

LIBS += -framework Security

"

附:

1.Enable and using the "root" user in mac os x

https://support.apple.com/en-us/HT204012

mac上的应用提权的更多相关文章

  1. iOS冰与火之歌(番外篇) - 基于PEGASUS(Trident三叉戟)的OS X 10.11.6本地提权

    iOS冰与火之歌(番外篇) 基于PEGASUS(Trident三叉戟)的OS X 10.11.6本地提权 蒸米@阿里移动安全 0x00 序 这段时间最火的漏洞当属阿联酋的人权活动人士被apt攻击所使用 ...

  2. CGI PL PERL脚本 提权

    windows 2003 下,安装ActivePerl-5.16.2.1602-MSWin32-x86-296513 IIS 添加CGI支持.并在对应网站配置下面,添加CGI后缀或PL后缀 与 对应的 ...

  3. 从getshell到提权

    从getshell到提权 一.起因 学校推出新的党建系统,之前党建系统还参与开发,后来因为一些原因没有开发,主要想看看这届工作室的学弟.学妹代码水平,把源码撸下来审计一下,工作室用git开发的,记着上 ...

  4. 9.CVE-2016-5195(脏牛)内核提权漏洞分析

    漏洞描述: 漏洞编号:CVE-2016-5195 漏洞名称:脏牛(Dirty COW) 漏洞危害:低权限用户利用该漏洞技术可以在全版本Linux系统上实现本地提权 影响范围:Linux内核>=2 ...

  5. Linux提权小结

    原文链接:http://zone.secevery.com/article/1104 Linux提权1.信息收集2.脏牛漏洞提权3.内核漏洞exp提权4.SUID提权 0x00 基础信息收集(1):内 ...

  6. 脏牛提权CVE-2016-5195

    gcc -pthread dirtyc0w.c -o dirtyc0w 尝试使用gcc -pthread dirtyc0w.c -o dirtyc0w 编译该POC文件 gcc命令是一个编译器套件,可 ...

  7. 记一次 lampiao渗透(Drupal+脏牛提权)

    vulnhub|渗透测试lampiao 题记 最近在打靶机,发现了一个挺有意思的靶机,这里想跟大家分享一下. 环境准备 vulnhub最近出的一台靶机 靶机(https://www.vulnhub.c ...

  8. 通过Mysql提权的几种姿势

    本文记录利用mysql数据库,在拿到shell之后进行提权的两种方法. 一.UDF提权 原理:UDF是mysql的一个拓展接口,UDF(Userdefined function)让用户通过该接口可以自 ...

  9. 史上最全Linux提权后获取敏感信息方法

    http://www.freebuf.com/articles/system/23993.html 在本文开始之前,我想指出我不是专家.据我所知,在这个庞大的区域,没有一个“神奇”的答案.分享,共享( ...

随机推荐

  1. hdu 1514 Free Candies 解题报告

    题目链接:http://acm.hdu.edu.cn/showproblem.php?pid=1514 题目意思:有4堆糖果,每堆糖果有n个,从上到下排好,取糖果只能从上往下取,取完的糖果放在篮子里, ...

  2. poj 1274 The Perfect Stall 解题报告

    题目链接:http://poj.org/problem?id=1274 题目意思:有 n 头牛,m个stall,每头牛有它钟爱的一些stall,也就是几头牛有可能会钟爱同一个stall,问牛与 sta ...

  3. hdu acm 2191 悼念512汶川大地震遇难同胞——珍惜现在,感恩生活

    题目链接:http://acm.hdu.edu.cn/showproblem.php?pid=2191 题目意思:有 资金 n 和 m 种类型的大米,对第 i 种类型的大米,价格.数量.袋数分别是: ...

  4. html5--6-10 CSS选择器7--伪类选择器

    html5--6-10 CSS选择器7--伪类选择器 实例 学习要点 掌握常用的CSS选择器 了解不太常用的CSS选择器 什么是选择器 当我们定义一条样式时候,这条样式会作用于网页当中的某些元素,所谓 ...

  5. fuse的mount机制 2 -系统调用mount

    经过上一篇的分析,目前已经知道mount函数最终进入到mount.c 中的 int fuse_kern_mount(const char *mountpoint, struct fuse_args * ...

  6. hihocoder-1347 小h的树上的朋友(lca+线段树)

    题目链接: 小h的树上的朋友 时间限制:18000ms 单点时限:2000ms 内存限制:512MB 描述 小h拥有n位朋友.每位朋友拥有一个数值Vi代表他与小h的亲密度.亲密度有可能发生变化. 岁月 ...

  7. [SHOI 2013] 发微博

    [题目链接] https://www.lydsy.com/JudgeOnline/problem.php?id=4419 [算法] 用std :: set维护每个人的好友集合 当两人成为好友时将每人接 ...

  8. codevs 等差数列

    1006 等差数列  时间限制: 1 s  空间限制: 128000 KB  题目等级 : 黄金 Gold 题解       题目描述 Description 给定n(1<=n<=100) ...

  9. Watir: Watir webdriver对JS 弹出框的操作现在非常简单。

    以下代码支持Firefox,IE,Chrome require 'watir-webdriver' #require "watir-webdriver/extensions/alerts&q ...

  10. JNI(Java Native Interface)

    一.JNI(Java Native Interface)        1.什么是JNI:               JNI(Java Native Interface):java本地开发接口   ...