Deploying an app with root privileges

Question

I have written a Cocoa app which uses libpcap to monitor network traffic. Since libpcap requires root privileges I was wondering what's the best way to give it root privileges (e.g. using Package Maker?). Would I be able to deploy it using a drag-and-drop installer or is Package Maker my only option?

Additionally I would like to know of the security risks posed by giving my app root permissions. The app also writes to disk (sqlite database) and I read that giving an app that writes to disk root privileges is not a good idea.

Answer 1

The recommended Apple way to do what you want is as follows:

• factor out the stuff that requires privileged operation into a separate executable (that's the stuff that uses libpcap for you).
• when the application needs to start the privileged exe, it creates an authorization reference and checks the user can authorize (known as pre-authorization) and passes an external reference to the authorization to the privileged exe.
• when it first starts, the privileged exe gains authorization again before attempting to do the privileged stuff.

For the above to work, the privileged exe has to be installed as owned by root with the setuid bit set. You can either do this with package maker or you can create what Apple terms a self repairing helper tool. This is a tool that checks if it is running as root and if not calls itself via AuthorizationExecuteWithPrivileges to repair its setuid bit and ownership. Then it does the authorization for the operation and performs the operation.

If you use the self repairing tool, you can bundle it in with your application and use a drag and drop installation process.

I strongly advise you to read the whole of the Authorization Programming Guide. It talks about all this stuff in more detail and includes some example code.