Question

I have a small diagnostic OSX program - a small menu-tray app - that I need to get to a customer. The program makes use of dtrace. As such, it has an auxiliary executable in its MacOS directory with its suid bit set and ownership set to root:wheel. The helper's only role is to immediately exec() to dtrace with an included dtrace script.

My problem is that I can't figure out a good way to get this to the customer. Naively putting it into a .zip archive wiped out all the special permissions.

When I tried to put it in a DMG, the root:wheel ownership got reset to mine (ted:staff). I found that I was supposed to use diskutil to enableOwnership on the DMG to get it to start respecting file object ownership settings. So now I can see that inside the DMG, my helper program has the required root:wheel and +s suid permissions set.

Now, however, I've found that when I drag and drop the app bundle out of the DMG and onto the desktop, the permissions get reset again. Moreover, when I try to run the application from the DMG, it behaves as though the helper program doesn't have the suid bit set.

Stepping back from this a bit, I don't see why this should work at all. It seems like it would be a nasty and really obvious security hole to allow developers to distribute app bundles with the suid bit set like this.

So how is this done at all? Do I need a package installer? Will that preserve the suid bit? Can someone school me on how this is supposed to work?


Solution

You are correct that (if there were a simple way to do this) it would be a nasty security hole. You should never be able to create/install a setuid root executable without going through some admin authorization step. Indeed, you shouldn't even be able to create/install a file with ownership set to any user other than your own.

(Actually, there is an exception to that in 10.9: the App Store will allow you to install apps without admin rights. But that's considered relatively safe because Apple vets the apps before they're allowed in the store.)

The "right" way to do this is with a package installer. It can be set to request admin authorization for the installation, and use that to install files with whatever ownership and permissions you want (including the setuid bit).
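
The package-installer route described in the answer above, as an added example that is not part of the original post. The bundle name, helper path and package identifier are constructed placeholders; `pkgbuild` is Apple's packaging tool, and Installer runs the `postinstall` script as root once the user has authorized the install.

```shell
#!/bin/sh
# Added example: build a .pkg whose postinstall gives a helper root:wheel + setuid.
# Constructed placeholders (not from the original post):
APP_NAME="DiagTool.app"
HELPER_REL="Contents/MacOS/dtrace-helper"
PKG_ID="com.example.diagtool"

# Write the postinstall script. Installer passes the install destination
# (here /Applications) as $2 and runs the script after copying the payload.
write_postinstall() {
    scripts_dir=$1
    mkdir -p "$scripts_dir"
    cat > "$scripts_dir/postinstall" <<EOF
#!/bin/sh
set -e
helper="\$2/$APP_NAME/$HELPER_REL"
chown root:wheel "\$helper"
chmod 4755 "\$helper"    # setuid; writable by root only
EOF
    chmod 755 "$scripts_dir/postinstall"
}

# Stage the bundle and wrap it in a component package.
build_pkg() {
    app_path=$1
    out_pkg=$2
    stage=$(mktemp -d)
    mkdir -p "$stage/root"
    cp -R "$app_path" "$stage/root/$APP_NAME"
    write_postinstall "$stage/scripts"
    pkgbuild --root "$stage/root" --install-location /Applications \
             --scripts "$stage/scripts" --identifier "$PKG_ID" \
             --version 1.0 "$out_pkg"
    rm -rf "$stage"
}

# Post-install check: setuid bit present and no group/other write access.
# Ownership still needs a separate look with `ls -l` (expect root wheel).
helper_mode_ok() {
    [ -u "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Usage: sh make_pkg.sh build /path/to/DiagTool.app DiagTool.pkg
if [ "${1:-}" = "build" ]; then
    build_pkg "$2" "$3"
fi
```

`pkgbuild` treats bundles as relocatable by default, so an existing copy of the app elsewhere on disk can change where the payload lands; a component plist with `BundleIsRelocatable` set to false avoids that.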

OTHER TIPS

Perhaps using a .tar file would work. They are very good for keeping all of the UNIX-specific baggage like ownership attached to folders and files inside of them.

Licensed under: CC-BY-SA with attribution