Mac SCR: Create a new tiny utility gfx_switcher for use by screensaver to safely launch and kill gfx apps with user, group boinc_project

svn path=/trunk/boinc/; revision=13759

checkin_notes

@@ -9059,7 +9059,7 @@ David  2 Oct 2007
         client_state.C
         switcher.C
 
-Charlie 1 Oct 2007
+Charlie 2 Oct 2007
     - Mac SCR: Create a new tiny utility gfx_switcher and put it inside 
         screensaver's bundle instead of a copy of switcher.  It sets real 
         user ID, saved set_user-ID, real group ID and saved set_group-ID 
@@ -9081,3 +9081,5 @@ Charlie 1 Oct 2007
     mac_build/
         boinc.xcodeproj/
             project.pbxproj
+        Mac_SA_Insecure.sh
+        Mac_SA_Secure.sh

mac_build/Mac_SA_Insecure.sh

@@ -43,7 +43,7 @@
 # the --insecure option.
 # NOTE: running BOINC with security disabled is not recommended.
 #
-# Last updated 9/19/07
+# Last updated 10/2/07
 
 function remove_boinc_users() {
     name=$(dscl . search /users RecordName boinc_master | cut -f1 -s)
@@ -120,9 +120,9 @@ if [ -x /Applications/BOINCManager.app/Contents/Resources/boinc ] ; then
 fi
 
 # Version 6 screensaver has its own embedded switcher application, but older versions don't.
-if [ -x "/Library/Screen Savers/BOINCSaver.saver/Contents/Resources/switcher" ] ; then 
-    chown ${user}:${group} "/Library/Screen Savers/BOINCSaver.saver/Contents/Resources/switcher"
-    chmod -R u+r-ws,g+r-ws,o+r-ws "/Library/Screen Savers/BOINCSaver.saver/Contents/Resources/switcher"
+if [ -x "/Library/Screen Savers/BOINCSaver.saver/Contents/Resources/gfx_switcher" ] ; then 
+    chown ${user}:${group} "/Library/Screen Savers/BOINCSaver.saver/Contents/Resources/gfx_switcher"
+    chmod -R u+r-ws,g+r-ws,o+r-ws "/Library/Screen Savers/BOINCSaver.saver/Contents/Resources/gfx_switcher"
 fi
 
 remove_boinc_users

mac_build/Mac_SA_Secure.sh

@@ -64,7 +64,7 @@
 # sudo dscl . -delete /groups/boinc_master users mary
 # 
 
-# Last updated 10/2/07 for BOINC version 5.10.21
+# Last updated 10/2/07 for BOINC version 5.10.21 and later
 # WARNING: do not use this script with older versions of BOINC
 
 function make_boinc_user() {
@@ -231,9 +231,9 @@ fi
 # Version 6 screensaver has its own embedded switcher application, but older versions don't.
 # We don't allow unauthorized users to run the switcher application in the BOINC Data directory 
 # because they could use it to run as user & group boinc_project and damage project files.
-# The screensaver's switcher application runs as user and group "nobody" to avoid this risk.
-if [ -x "/Library/Screen Savers/BOINCSaver.saver/Contents/Resources/switcher" ] ; then 
-    set_perm "/Library/Screen Savers/BOINCSaver.saver/Contents/Resources/switcher" nobody nobody 6555
+# The screensaver's switcher application has very limited functionality to avoid this risk.
+if [ -x "/Library/Screen Savers/BOINCSaver.saver/Contents/Resources/gfx_switcher" ] ; then 
+    set_perm "/Library/Screen Savers/BOINCSaver.saver/Contents/Resources/gfx_switcher" root boinc_master 4551
 fi