I have written a Cocoa app which uses libpcap to monitor network traffic. Since libpcap requires root privileges I was wondering what's the best way to give it root privileges (e.g. using Package Maker?). Would I be able to deploy it using a drag-and-drop installer or is Package Maker my only option?
Additionally I would like to know of the security risks posed by giving my app root permissions. The app also writes to disk (sqlite database) and I read that giving an app that writes to disk root privileges is not a good idea.
The recommended Apple way to do what you want is as follows:
For the above to work, the privileged exe has to be installed as owned by root with the setuid bit set. You can either do this with package maker or you can create what Apple terms a self repairing helper tool. This is a tool that checks if it is running as root and if not calls itself via AuthorizationExecuteWithPrivileges to repair its setuid bit and ownership. Then it does the authorization for the operation and performs the operation.
If you use the self repairing tool, you can bundle it in with your application and use a drag and drop installation process.
I strongly advise you to read the whole of the Authorization Programming Guide. It talks about all this stuff in more detail and includes some example code.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With