[X-Unix] App launched by my crontab runs as root if Login Window!
Jerry Krinock
jerry at ieee.org
Sat Jun 4 21:50:42 PDT 2005
on 05/06/03 08:10, Alexandre Gauthier at supernaut at underwares.org wrote:
> I think by disabled he means [root] is not [enabled] "active" per se in
> NetInfo, and does not have a password set.
> The root user is "enabled" in the unix sense though, you just can't
> login with it for it has no password...
Yes, that's what I mean...I have not done the NetInfo thing.
I did some more googling and found an in-depth discussion of the security
aspects of this thing back in March 2005 on MacInTouch. For those
interested, here it is:
http://www.macintouch.com/security-finder.html
But for me, the security breach is a symptom and not the cause that I am
interested in.
I did some more experiments and found that if I put in my crontab this
command (#1):
/Applications/MyApp.app/Contents/MacOS/MyApp
it still launches behind the Login Window (in Tiger, not Panther), but now
the user is the "expected" user, i.e., me, i.e., the user whose crontab the
command is in. I can detect this situation (currentUser notEquals
consoleUser) and deal with it by running my app facelessly.
But if, as I said in my original post, I put in my crontab this command
(#2):
/usr/bin/open "/Applications/MyApp.app"
it launches in the login window, but the user is root. Arghhhh!!
Here is my explanation. From "man open", I see that "open" is an invention
of NextStep. Further,
"The open command opens a file (or a directory or URL), just as if you had
double-clicked the file's icon."
But they don't say who "you" is. My theory is that "you" is not the owner
of the parent process, but whoever is currently at the console, because
that's the only person who can "doubleclick" on anything. But, when the
Login Window is showing, root is at the console. BANG!!
Jerry
More information about the X-Unix
mailing list