Prevent installers from running as root

Nov 25, '03 10:31:00AM

Contributed by: GaelicWizard

I've noticed that many many installers like to run as with administrator privelages (root) that do NOT need to. Take MS Office for example; the last thing that I want them to do is have unlimited access to my machine, not to mention that there is no reason that it needs it. Also, the new Stuffit installs an unstable KEXT, which it does not notify the user about, which it could not do without root privs. Here is my solution: Make the authentication framework used by these malicious installers unable to launch as root!

It's actually quite simple and will NOT damage any Apple-supplied applications, nor Apple's Installer.app. Disable the SUID bit on /System -> Library -> CoreServices -> AuthorizationTrampoline. To do this simply type (in the Terminal):

 % sudo chmod u-s /System/Library/CoreServices/AuthorizationTrampoline
You will be asked for your admin password, but at least this time you will know what it's being used for!

[robg adds: I'm not sure what effect this might have on the various installers -- if it can't run as root, does it still run? I don't have anything lying around that I can test this with, so until someone comments, I'm not sure of the impact of this change.]

Comments (6)


Mac OS X Hints
http://hints.macworld.com/article.php?story=20031116233818829