Home/ Questions/Q 6839763
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T23:45:31+00:00

I’m using AuthorizationExecuteWithPriveleges to execute bash commands from my App with admin privilege. I

  • 0

I’m using AuthorizationExecuteWithPriveleges to execute bash commands from my App with admin privilege. I have found really weird issue. Here what I’m using

    FILE *pipe=nil;
    OSStatus err;
    AuthorizationRef authorizationRef;
    char *command= "/bin/chmod";
  
    
    char *args[] = {"644","folderPath", nil};

   if(err!=0)
    {
                                err = AuthorizationCreate(nil,
                                       kAuthorizationEmptyEnvironment,
                                       kAuthorizationFlagDefaults,
                                       &authorizationRef);
    }
    NSLog(@"test");
    err = AuthorizationExecuteWithPrivileges(authorizationRef,
                                             command,
                                             kAuthorizationFlagDefaults,
                                             args,
                                             &pipe);

After calling this function about 40 times, it’s starting respond very slowly. And after it is will just die,and freeze application, and I have no idea what is happening to this.It doesn’t show the log "test", and doesn’t do anything, after calling about 40 times.
It doesn’t matter what Bash command or what arguments you are using. It still does the same thing. What is wrong with this ? The reason I’m using this, because my App needs to run on 10.5 as well.

Please if someone have idea, what can I do. I really appreciate it. I need ASAP. Thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Looked at this a bit more, and cooked up the following example, presented without warranty, but which works for me for thousands of invocations of AuthorizationExecuteWithPrivileges without issue:

    void DoOtherStuff(AuthorizationRef auth, char* path);

void DoStuff(char* path)
{
    AuthorizationItem foo;
    foo.name = kAuthorizationRightExecute;
    foo.value = NULL;
    foo.valueLength = 0;
    foo.flags = 0;

    AuthorizationRights rights;
    rights.count = 1;
    rights.items = &foo;

    AuthorizationRef authorizationRef;
    OSStatus err = errAuthorizationSuccess;

    if (errAuthorizationSuccess != (err = AuthorizationCreate(NULL,  kAuthorizationEmptyEnvironment, kAuthorizationFlagDefaults, &authorizationRef)))    
    {
        NSLog(@"Error on AuthorizationCreate: %lu", (long)err);
        return;
    }

    for (NSUInteger i = 0; i < 5000; i++)
    {
        NSLog(@"Doing run: %lu", (long)i+1);
        DoOtherStuff(authorizationRef, "/tmp/foo");
    }

    if (errAuthorizationSuccess != (err = AuthorizationFree(authorizationRef, kAuthorizationFlagDefaults)))
    {
        NSLog(@"Error on AuthorizationFree: %lu", (long)err);
        return;
    }
}

void DoOtherStuff(AuthorizationRef authorizationRef, char* path)
{    
    OSStatus err = errAuthorizationSuccess;
    FILE *pipe = NULL;
    @try
    {
        char *args[] = {"644", path, NULL};
        if (errAuthorizationSuccess != (err = AuthorizationExecuteWithPrivileges(authorizationRef,
                                                 "/bin/chmod", kAuthorizationFlagDefaults, args, &pipe)))
        {
            NSLog(@"Error on AuthorizationExecuteWithPrivileges: %lu", (long)err);
            return;
        }

        int stat;
        wait(&stat);

        NSLog(@"Success! Child Process Died!");
    }
    @finally 
    {        
        if (pipe)
            fclose(pipe);
    }
}

    What Chris Suter said is dead on. What happens when you call AuthorizationExecuteWithPrivileges is that it fork()s your process and then exec()s the requested process (chmod in this case) from the child process. The child process won’t be reaped until someone calls wait(), but that’s hard because we don’t get the PID of the child out of AuthorizationExecuteWithPrivileges (it would have been returned by fork()). As he said, if you’re sure there aren’t other threads spawning processes at the same time (i.e. your thread is the only one creating child processes), then you can just call the non-PID specific version of wait() like I do in this example.

    If you don’t call wait() then what happens is you accumulate these zombie child processes that are all waiting to be reaped. Eventually the OS says “no more.”

    I feel kinda bad posting this, since it’s just a retread of what Chris Suter said; I’ve upvoted his answer.

    For completeness, here’s a reworked version of that example that achieves the goal by ignoring SIGCHLD instead of calling wait. It also is presented without warranty, but works for me.

    void DoOtherStuff(AuthorizationRef auth, char* path);

void DoStuff(char* path)
{
    AuthorizationItem foo;
    foo.name = kAuthorizationRightExecute;
    foo.value = NULL;
    foo.valueLength = 0;
    foo.flags = 0;

    AuthorizationRights rights;
    rights.count = 1;
    rights.items = &foo;

    AuthorizationRef authorizationRef;
    OSStatus err = errAuthorizationSuccess;

    struct sigaction oldAction;
    struct sigaction newAction;

    newAction.__sigaction_u.__sa_handler = SIG_IGN;
    newAction.sa_mask = 0;
    newAction.sa_flags = 0;

    if(0 != sigaction(SIGCHLD, &newAction, &oldAction))
    {
        NSLog(@"Couldn't ignore SIGCHLD");
        return;
    }

    @try
    {
        if (errAuthorizationSuccess != (err = AuthorizationCreate(NULL,  kAuthorizationEmptyEnvironment, kAuthorizationFlagDefaults, &authorizationRef)))    
        {
            NSLog(@"Error on AuthorizationCreate: %lu", (long)err);
            return;
        }

        for (NSUInteger i = 0; i < 1000; i++)
        {
            NSLog(@"Doing run: %lu", (long)i+1);
            DoOtherStuff(authorizationRef, "/tmp/foo");
        }

        if (errAuthorizationSuccess != (err = AuthorizationFree(authorizationRef, kAuthorizationFlagDefaults)))
        {
            NSLog(@"Error on AuthorizationFree: %lu", (long)err);
            return;
        }
    }
    @finally 
    {
        const struct sigaction cOldAction = oldAction;
        if(0 != sigaction(SIGCHLD, &cOldAction, NULL))
        {
            NSLog(@"Couldn't restore the handler for SIGCHLD");
            return;
        }

    }
}

void DoOtherStuff(AuthorizationRef authorizationRef, char* path)
{ 
    OSStatus err = errAuthorizationSuccess;
    FILE *pipe = NULL;
    @try
    {
        char *args[] = {"644", path, NULL};
        if (errAuthorizationSuccess != (err = AuthorizationExecuteWithPrivileges(authorizationRef,
                                                 "/bin/chmod", kAuthorizationFlagDefaults, args, &pipe)))
        {
            NSLog(@"Error on AuthorizationExecuteWithPrivileges: %lu", (long)err);
            return;
        }

        NSLog(@"Success!");
    }
    @finally 
    {        
        if (pipe)
            fclose(pipe);
    }
}
    • 0