Thursday, November 29, 2007

BetterAuthorizationSample

Finally, Apple posted BetterAuthorizationSample, a sample project that demonstrates how to securely use the Mac OS X authorization API.

Apple's older sample code (AuthSample and MoreAuthSample) used a setuid root privileged helper tool. BAS uses launchd because it's more secure. In the BAS design, an attacker can't directly control the environment which the helper tool inherits, and that prevents a variety of potential attacks.

This sample code supersedes the four-year-old Project Builder MoreIsBetter/MoreSecurity sample code, which warned: No matter what you do, the current AuthorizationExecuteWithPrivileges model allows for security violations [3093666]. It comes as an Xcode project that compiles without tweaking, with three documentation files that look quite complete: Design and Implementation Rationale, Performing Privileged Operations With BetterAuthorizationSampleLib and Read Me About BetterAuthorizationSample.
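To make the point about inherited environment concrete, here is an added example (not Apple's BAS code and not from the original post) of the scrubbing a setuid helper has to do because its caller chooses its environment. The allowlist, the fixed PATH value and all function names are assumptions; environment variables are only one part of the inherited state, alongside open file descriptors, the working directory and the umask.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static const char *const kept_vars[] = { "TZ", "LANG", NULL };  /* assumed allowlist */
static char safe_path[] = "PATH=/usr/bin:/bin:/usr/sbin:/sbin"; /* assumed fixed PATH */

/* Returns 1 if entry ("NAME=value") names an allowlisted variable. */
static int is_kept(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL || eq == entry) return 0;   /* malformed entry: drop it */
    size_t len = (size_t)(eq - entry);
    for (size_t i = 0; kept_vars[i] != NULL; i++)
        if (strlen(kept_vars[i]) == len && strncmp(entry, kept_vars[i], len) == 0)
            return 1;
    return 0;
}

/* Builds a new NULL-terminated environment: safe_path, then the allowlisted
 * entries of inherited (borrowed, not copied). Returns NULL on allocation failure. */
char **scrub_environment(char *const inherited[], size_t *dropped)
{
    size_t n = 0, out = 0;
    while (inherited[n] != NULL) n++;
    char **clean = calloc(n + 2, sizeof *clean);   /* + safe_path + NULL */
    if (clean == NULL) return NULL;
    clean[out++] = safe_path;                      /* caller's PATH is never trusted */
    for (size_t i = 0; i < n; i++)
        if (is_kept(inherited[i]))
            clean[out++] = inherited[i];
    *dropped = n - (out - 1);                      /* out also counts safe_path */
    return clean;   /* install this before the helper does any real work */
}

/* Constructed sample of what a caller could pass to a setuid helper. */
static char *sample_env[] = { "PATH=/tmp/untrusted:/usr/bin", "IFS=/",
    "HELPER_DEBUG=1", "LANG=en_US.UTF-8", "=malformed", NULL };

int main(void)
{
    size_t dropped;
    char **env = scrub_environment(sample_env, &dropped);
    if (env == NULL) return 1;
    for (char **e = env; *e != NULL; e++)
        puts(*e);
    free(env);
    return 0;
}
```

A helper started by launchd does not depend on this step being done correctly, because the requesting process never supplies its environment in the first place.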

Monday, November 19, 2007

Front Row for Tiger

Leopard users have the Front Row application in their Applications folder. It is useful if, for example, you want Front Row to launch automatically when your computer starts up: just add it as a login item.

Now, Tiger users can also use this convenient Front Row application. Leopard users who have accidentally deleted their Front Row application can also use it.

Front Row



I have not tested it on unsupported Macs, i.e. those without an Apple Remote. If you have such a Mac, please report in the comments if it works or if it still requires Front Row Enabler.

This Front Row launcher has been written from scratch. Here is the source code:

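/* No header is included for BSRemoteUIToggle(), so it is declared here;
   the void return type is an assumption. */
extern void BSRemoteUIToggle();

int main(int argc, char *argv[])
{
    BSRemoteUIToggle();   /* the single call that brings up Front Row */
    return 0;
}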