
Prevent installers from running as root UNIX
I've noticed that many, many installers like to run with administrator privileges (root) that do NOT need to. Take MS Office for example; the last thing that I want them to do is have unlimited access to my machine, not to mention that there is no reason that it needs it. Also, the new Stuffit installs an unstable KEXT, which it does not notify the user about, which it could not do without root privs. Here is my solution: Make the authentication framework used by these malicious installers unable to launch as root!

It's actually quite simple and will NOT damage any Apple-supplied applications, nor Apple's Installer.app. Disable the SUID bit on /System -> Library -> CoreServices -> AuthorizationTrampoline. To do this simply type (in the Terminal):
 % sudo chmod u-s /System/Library/CoreServices/AuthorizationTrampoline
You will be asked for your admin password, but at least this time you will know what it's being used for!

[robg adds: I'm not sure what effect this might have on the various installers -- if it can't run as root, does it still run? I don't have anything lying around that I can test this with, so until someone comments, I'm not sure of the impact of this change.]
other effects?
Authored by: hayne on Nov 25, '03 12:41:58PM

While I heartily support the basic idea of limiting the power of installers, there are some installers that do need 'root' privileges since they install files in system locations. Obviously the change suggested by this hint would need to be reversed before such installers could run successfully.

But I am more worried about possible other effects that this change would have. The AuthorizationTrampoline utility may be used by other things besides installers. In particular I suspect that it might be used to implement the new "Finder Admin Authentication" feature in Panther.

What I do before running an installer is run a script that looks at the "bill of materials" (what will get installed and where) by using the 'lsbom' command.



[ Reply to This | # ]
other effects?
Authored by: GaelicWizard on Nov 25, '03 03:15:09PM

This actually doesn't affect installers with a .pkg extension, only the 3rd party ones.

If you are installing as an Admin user, then there is no place on the system that you should write to that you cannot write to. The only place that this disables writing to is /System and some unix directories (like /usr). There is no reason for an installer to *EVER* install to these places. (if you're thinking /usr/local, then you can make the dir and 'chown :admin /usr/local' to make it happy) Admin users have write permissions to /Library which is the only place that an installer should put "system" files. :-)

JP

---
Pell



[ Reply to This | # ]
Prevent installers from running as root
Authored by: _merlin on Nov 25, '03 06:45:14PM

This is not a smart thing to do. There are applications that require root access to work. Things that install kernel extensions, installing keyboard layouts under 10.1, temporarily loading drivers, and a few other things. If you don't want to give a program root access, don't enter your password! Don't screw things up like this.



[ Reply to This | # ]
Bad bad bad idea
Authored by: Basilisk on Nov 25, '03 11:27:55PM

Fooling with the Authorization framework is a surefire way to trouble.

Installers are not the only applications which require authorization services, and the AuthServices API expects proper behavior from the trampoline. Disabling it in this manner will cause grief.

If you don't trust the installer, click the nice, big "Cancel" button Apple has already provided. It's what it's there for.

And contrary to the assertions in the "Other effects?" comment above, installers cannot just be limited to installing to /Library. Any installation which requires a kernel extension (video drivers, mouse drivers, etc.) needs to install to /System/Library/Extensions. /Library/Extensions is not a probed location for kernel load for extensions (see Apple's developer documentation for why).

Bas



[ Reply to This | # ]
Prevent installers from running as root
Authored by: GaelicWizard on Jul 18, '06 07:28:07PM

While I agree in principle, that approach simply doesn't work. It is not reasonable to say that I shouldn't use the app that I just downloaded *at all* simply because it was incorrectly packaged. If something *does* need root, I can re-enable it.

JP

---
Pell



[ Reply to This | # ]
Prevent installers from running as root
Authored by: GaelicWizard on Jul 18, '06 07:29:19PM

My last comment was supposed to be a reply to the same-titled comment a few spots up, but ...?

JP

---
Pell



[ Reply to This | # ]