Giving Your Widget that sudo Voodoo

by Joshua Scott Emmons


The tool chest available to widget developers is surprisingly robust. If you can put it on a web page, you can put it in a widget. AJAX and other Web 2.0 technologies are right at home inside Dashboard. If you need to do something slightly more radical, plugins can be written in Cocoa. And, of course, the wide wealth of unix command line tools are available to widget makers through the widget object’s system() method.

But having access to a command line tool and having the permissions needed to use it are two completely different things. I ran headlong into this when writing Share Switch. I wanted to be able to turn file sharing on and off inside Dashboard. Turns out there’s a command line tool called AppleFileServer that does just that! But there’s a catch: one must be root in order to run it.


2006-07-04 11:22:31
Was it really necessary to put this whole article in the RSS feed, instead of just a summary?
Joshua Emmons
2006-07-04 12:14:11
Was it really necessary to put this whole article...

Unfortunately, I do not get a say what does and does not go in the RSS feed. The most I can do is determine where the article gets cut when being displayed on the blog page. If you look there, you'll see that only the first two paragraphs are listed.

O'Reilly has made the decision that the entirety of its articles should be included in the RSS feed. I think this is a smart move as most RSS readers (Safari included) allow you to define how much of the feed's articles you want presented to you. If you only want to see the first paragraph of each article, dial this value down. That way you're happy without messing things up for the next person who wants to read the entire article in their RSS browser.

Of course it's possible I've overlooked some obvious burden this imposes on you. If that's the case, let me know. I'll take it my web-master overlords for consideration.

2006-07-04 13:01:02
I can back you up on that one, Joshua. I use Safari to shorten what I display in my RSS feeds, this is not a problem at all.
Robert Stainsby
2006-07-04 14:42:58
Thanks very much Joshua for this useful article. Share Switch is a bit bigger than I usually like my widgets, but it's such a cute design that it gets away with it.

I was concerned when I first downloaded Share Switch a few weeks back about giving it my password, and almost wrote to you then to ask about security. I'm pleased to see you take these issues seriously. You're a good role model for the rest of us doing Mac development.

Charles Albrecht
2006-07-05 11:17:33
whoami(1) is obsolete and has been for several years.

id(1) is much more flexible and with the '-un' switch will give you the same abbreviated value that whoami returns.

So, instead of whoami, I'd suggest using:

/usr/bin/id -un

Joshua Emmons
2006-07-05 13:33:19
whoami(1) is obsolete...

While this is true (and is even pointed out on the man page I link to), for the sake of this example, I don't think it is hurting anything. Sure I could have used id -un, but I like whoami because I feel its function is more easily intuited from its name. Seeing as this is an instructional article and not mission critical code, I think readability trumps conformance in this case.

Still, I suppose it's possible whoami could be yanked at some future date from 10.5 or 10.6. So if anyone is reading this after 2006, take Charles's advise and use id instead of whoami!

2006-07-05 14:09:05
Unless I'm crazy, this sounds like a great way to write a Trojan that would open up remote login AND send the admin password - so long as it looked like you were actually doing something useful and believable - i.e. an action that would fool a typical user required password entry, like perhaps installing a new version.
(Your typical user is never sure why some updates do and some don't).

(Maybe that's what the new background Dashboard daemon is - something to allow Apple to throw a kill switch on bad widgets).

Joshua Emmons
2006-07-05 16:29:50
...this sounds like a great way to write a Trojan...

I suppose... though, of course, the same thing can be said about any program anywhere. Widgets aren't special. The standard rules apply. Don't install software you don't trust. Be extra skeptical of software that asks for your password.

The nice thing about widgets, though, is that anyone who wishes to can open them up and look at their source without jumping through hoops. So it's relatively trivial for someone with javascript knowledge to certify that a widget is harmless.

2008-01-26 06:59:45
OMG what an awesome article. I've been up all night working on my widget, and I was looking for a way to implement the sudo command. But after reading this article I realized that my problems with freezing interfaces are caused by synchronicity issues when running commands. awesome! My main widget headaches are now mostly solved.