[X-Unix] App launched by my crontab runs as root if Login Window!

Jerry Krinock jerry at ieee.org
Thu Jun 2 16:31:58 PDT 2005


Here's something to make your day interesting.  Open _your_ crontab and add
the following command to run in 2 minutes:

/usr/bin/open "/Applications/iCal.app"

Or, some other app.  Then, go to your Fast User Switching Menu or somehow
show the Login Window.  Then, sit back and relax.

When the time comes, you will see iCal (or, I believe, any other app) show
its GUI ***BEHIND THE LOGIN WINDOW***.  It has a menu, and if you don't mind
working around the login window, you can actually use the application,
without logging in.  Now go to save a file and you can see from your
directory access that you are RUNNING AS "root"!

I don't think I even have the "root" user enabled on my PowerBook.

Besides the interesting security implications, I would like to fix this
because I have written an application which can be so (as above) cronn'ed to
launch and do some work while a user is out to lunch, but if the user has
displayed his login window, as smart users do when they go out to lunch, it
does not run properly since it runs as root - it can't find any of the
user's files.

Any thoughts on this would be much appreciated.  I'm not sure where to
start!  I'm running 10.4.1.

Jerry Krinock



