[X-Unix] App launched by my crontab runs as root if Login Window!

John Harrold jmh17 at pitt.edu
Fri Jun 3 05:33:58 PDT 2005


Sometime in June Jerry Krinock assaulted the keyboard and produced:

| When the time comes, you will see iCal (or, I believe, any other app)
| show its GUI ***BEHIND THE LOGIN WINDOW***.  It has a menu, and if you
| don't mind working around the login window, you can actually use the
| application, without logging in.  Now go to save a file and you can see
| from your directory access that you are RUNNING AS "root"!

I must admit this is a little strange. On most unix systems running X11,
this would fail because the user doesn't control the display.

| I don't think I even have the "root" user enabled on my powerbook.

I'm not sure what you mean by enabled. I don't think you can disable the
'root' user on a unix machine and have it work. Every time you run sudo it
executes commands as root. This would not be possible if the 'root' user
was disabled.

| Besides the interesting security implications, I would like to fix this
| because I have written an application which can be so (as above) cronn'ed to
| launch and do some work while a user is out to lunch, but if the user has
| displayed his login window, as smart users do when they go out to lunch, it
| does not run properly since it runs as root - it can't find any of the
| user's files.

A little googling 'gui cron login window site:apple.com' and it seems
someone else has had this problem:

http://lists.apple.com/archives/darwin-userlevel/2003/Dec/msg00007.html

But they don't seem to have a solution either ;(.

-- 
---------------------------------------------------------- 
                            | /"\                         
 john harrold               | \ / ASCII ribbon campaign   
 jmh at member.fsf.org      |  X  against HTML mail       
 the most useful idiot      | / \                         
----------------------------------------------------------
 What difference does it make to the dead, the orphans, 
 and the homeless, whether the mad destruction is brought 
 under the name of totalitarianism or the holy name of 
 liberty and democracy?
 --Gandhi
----------------------------------------------------------
  gpg --keyserver pgp.mit.edu --recv-key B23241CB
----------------------------------------------------------