On OS X privileged operations are done through AuthorizationExecuteWithPrivileges() around which Apple published two recommendations:
The old MoreAuth using setuid helper tools.
The current BetterAuthorizationSample littering the system with launchd files.
I don't know any applications using the latter...
I've used it, and it's a pain to implement. FWIW, I know that BBEdit and PGP Desktop use it.
I'm trying to use it at the moment. The only objection I have is that when one deletes my application the helper tool stays where it is.
Related
My goal is to determine when executing a command, precisely which files it reads and writes. On Linux I can do this using ptrace (with work, akin to what strace does) and on FreeBSD and MacOS I can do this with the ktrace system command. What would you use to obtain this information on Windows?
My research so far suggests that I either use the debugger interface (similar to ptrace in many ways) or perhaps ETW. A third alternative is to interpose a DLL to intercept system calls as they are made. Unfortunately, I don't have the experience to guess as to how challenging each of these approaches will be.
Any suggestions?
Unfortunately it seems there is no easy way to intercept file level operations on Windows.
Here are some hints:
you could try to use FileMon from Sysinternals if it is enough for your needs, or try to look at the source of the tool
you could make use of commercial software like Detours - beware, I never used that myself and I'm not sure it really meets your needs
If you want a better understanding and are not frightened at doing it by hand, the Windows way of intercepting file I/O is using a File System Filter Driver. In fact, there is a FilterManager embedded in Windows system that can forward all file system calls to minifilters.
To build it, the interface with the system is provided by the FilterManager, and you have just (...) to code and install the minifilter that does the actual filtering - beware again never tested that ...
As you suggested, this is a fairly simple task to solve with API hooking with DLL injection.
This is a pretty good article about the application: API hooking revealed
I believe you can find more recent articles about the issue.
However, you probably need to use C++ to implement such a utility. By the way, programs can disable DLL injection. For example, I weren't able to use this approach on the trial version of Photoshop.
So, you may want to check if you can inject DLL files in the process you want with an existing solution before you start writing your own.
Please, take a look to the article CDirectoryChangeWatcher - ReadDirectoryChangesW all wrapped up.
It is a very old, but running, way to watch directory changes.
Microsoft owns a bunch of tools called Sysinternals. There is a program called Process Monitor that will show you all the file accesses for a particular process. This is very likely what you want.
Check this particular Stack Overflow question out for your question... This might help you:
Is there something like the Linux ptrace syscall in Windows?
Also, if you are running lower versions like Windows XP then you should check out Process Monitor.
Also, I would like you to check this out...
Monitoring certain system calls done by a process in Windows
I work on linux. I donot have much idea in windows. How the permissions of files are organized in windows? Do we have any api like chmod in unix to change the permissions?
for windows there is a tool called cacls, but it behaves differently than chmod, so you would better to read docs: http://technet.microsoft.com/en-us/library/bb490872.aspx
The Win32 API has a function named SetFileAttributes for managing file attributes, among them permissions.
Here's an example from MSDN.
The security model in Windows NT-based systems is very different from the Unix one that the overwhelming majority of Linux systems use. They work from ACLs (Access Control Lists) and can get very ornate in terms of who gets what permission where. Further they apply to almost every (perhaps even every?) object in the Win32 API, not just files. (This doesn't apply to the pathological FAT file systems if memory serves.)
I would recommend looking closely at how the Win32 security model works before you start messing with tools like cacls (the closest to chmod you're going to find) because you can hurt your system pretty badly if you mess with permissions without understanding them. It's a whole lot more complex than vanilla Linux.
I'm working on a project that's supposed to work on both Windows and Linux (with an unofficial Mac port as well) that emulates a true colour system console.
My problem is that recently there appeared a request for textfield support (yes, console-based) and it would be cool to add the possibility of copying text to clipboard and pasting from it. Is there a way of achieving this that will:
be done in C (not C++),
work in both Windows and in Linux (preprocessor macros are an option if there's no platform-independent code),
require no extra libraries to link to?
Thanks in advance for your help.
If you're not using a cross platform UI library (like wx or something), then it sounds like you're just going to have to write native clipboard code for each platform you want to support.
Remember, on Macintoshes, you copy with Command-C, not Ctrl+C :)
The clipboard is inherently an operating system defined concept. The C language itself has no knowledge of what a clipboard is or how to operate on it. You must either interface directly with the OS, or use a portability library that does this on your behalf. There is no way around this.
Personally I would define my your own function
getClipboardText();
That is defined in two different header files (linux_clipboard.h, windows_clipboard.h, etc) and then do pre-proccessor stuff to load the appropriate one accordingly. I don't really code in C/C++ so I'm sorry if that didn't make any sense or is bad practice but that's how I'd go about doing this.
#if WIN32
#include windows_clipboard.h
#endif
That sort of thing
Remember:
For linux you have to deal with different window managers (Gnome, KDE) all with different ways of managing the clipboard. Keep this in mind when designing your app.
You may be able to communicate to the clipboard by using xclip. You can use this python script here to do this job via communicating with 'dcop' and 'klipper' here. That is for KDE, I do not know how it would be done under GNOME... You may also be able to do this independantly of either GNOME/KDE by using DBUS, although I cannot say 100% confidently on that either...
Just be aware, that for a truly cross-platform job, you have to take into account of the different GUI's such as under Linux, X is the main window manager interface and either GNOME/KDE sits on top of it..I am not singling out other GUI's such as FluxBox, WindowMaker to name but a few, and that there will be a lot of platform dependant code, and also in conjunction, you will be dealing with Windows clipboard as well..all in all, a big integrated code...
Have you not considered looking at the raw X programming API for clipboard support? Maybe that might be better as I would imagine, GNOME/KDE etc are using the X's API to do the clipboard work...if that is confirmed, then the work would be cut out and be independant of the major GUI interfaces...(I hope that would be the case as it would make life easier for your project!)
Perhaps using compile-time switches, for each platform...WIN, KDE, GNOME, MAC or use the one that is already pre-defined..
Hope this helps,
Best regards,
Tom.
I have written a small custom web server application in C running on Linux. When the application receives a request it calls fork() and handles the request in a separate process, which is chrooted into a specific directory containing the files I want to make available.
I want to port the application to Windows, but neither fork() nor chroot() are available on this platform, and there don't seem to be any direct equivalents. Can you point me to a simple (and preferably well written) example of code that will provide this functionality in Windows? My C isn't all that good, so the simpler the better.
First of all, the Windows equivalent of chroot is RUNAS which is documented here. If you need to do this from a program, then studying this C++ source code should help you understand how to use the Windows API. It is not precisely the same as chroot() but Windows folk use it to create something like a chroot jail by creating a user with extremely limited permissions and only giving that user read permission on the application folder, and write permission on one folder for data.
You probably don't want to exactly emulate fork() on Windows because it doesn't sound like you need to go that far. To understand the Windows API for creating processes and how it differs from fork(), check Mr. Peabody Explains fork(). The actual current source code for Cygwin's fork implementation shows you the current state of the art.
The Microsoft documentation for CreateProcess() and CreateThread() are the place to look for more info on the differences between them.
And finally, if you don't want to learn all the nitty-gritty platform details, just write portable programs that work on Windows and Unix, why not just use the Apache Portable Runtime library itself. Here are some docs on process creation with some sample code, in C, to create a new process.
There's no such thing as fork() on Windows. You need to call CreateProcess() - this will start a separate process (mostly equivalent to calling fork() and then immediately exec() for the spawned process) and pass the parameters to it somehow. Since you seem to have all the data to process in a dedicated directory you can make use of lpCurrentDirectory parameter of CreateProcess() - just pass the directory path you previously used with chroot() there.
The absolutely simplest way of doing it is using Cygwin, the free Unix emulation layer for Windows. Download it and install a complete development environment. (Choose in the installer.) If you are lucky, you will be able to compile your program as is, no changes at all.
Of course there are downsides and some might consider this "cheating" but you asked for the simplest solution.
Without using a compatibility framework (Interix, Cygwin, ...) you're looking at using the Windows paradigm for this sort of thing.
fork/vfork is a cheap operation on UNIXes, which is why it's used often compared to multi-threading. the Windows equivalent - CreateProcess() - is by comparison an expensive operation, and for this reason you should look at using threads instead, creating them with CreateThread(). There's a lot of example code out there for CreateThread().
In terms of chroot(), Windows doesn't have this concept. There's libraries out there that claim to emulate what you need. However it depends why you want to chroot in the first place.
Reading comments, if it's simply to stop people going up the tree with ../../../../(etc), chroot would do the job, but it's no substitue for parsing input in the first place and making sure it's sane: i.e., if too many parents are specified, lock the user into a known root directory. Apache almost certainly does this as I've never had to create a chroot() environment for Apache to work...
Using fork/chroot is simply not how things are done on Windows. If you are concerned about security in subprocesses, maybe some form of virtualization or sandboxing is what you want to use. Passing complex information to the subprocess can be done by some form of RPC-solution.
It sounds to me as if you have designed your application in the Unix way, and now you want to run in on Windows without having to change anything. In that case, you may want to consider using Cygwin, but I'm not sure if/how Cygwin emulates chroot.
Consider SUA ( aka Windows Services for Unix ). It has nearly everything you need to port applications.
man chroot(interix)
I'm new to windows programming and I'm trying to get notified of all changes to the file system (similar to the information that FileMon from SysInternals displays, but via an API). Is a FindFirstChangeNotification for each (non-network, non-substed) drive my best bet or are there other more suitable C/C++ APIs?
FindFirstChangeNotification is fine, but for slightly more ultimate power you should be using ReadDirectoryChangesW. (In fact, it's even recommended in the documentation!)
It doesn't require a function pointer, it does require you to manually decode a raw buffer, it uses Unicode file names, but it is generally better and more flexible.
On the other hand, if you want to do what FileMon does, you should probably do what FileMon does and use IFS to create and install a file system filter.
There are other ways to do it, but most of them involve effort on your part (or take performance from your app, or you have to block a thread to use them, etc). FindFirstChangeNotification is a bit complicated if you're not used to dealing with function pointers, etc, but it has the virtue of getting the OS to do the bulk of the work for you.
Actually FileSystemWatcher works perfectly with shared network drives. I am using it right now in an application which, among other things, monitors the file system for changes. (www.tabbles.net).
You can use FileSystemWatcher class. Very efficient but cannot work with Network shared drives.