Actually I have thought of those things, and the answers are:
Since the image files are not part of the binary, they have to be installed. I am working on putting them inside the binary, but things are slow on that front (any help would be appreciated... I haven't figured out how to get the octal data in). Since I am installing multiple files (around 15), a .pkg is the best way to go.
The CGI has to be run as root because otherwise I can't change the working ID during runtime. I have to do this because the Addressbook.framework only allows you to view the information from the current userID. I am pulling quite the trick to get all the information. In other words: it has to be root to work.
I am toying with an idea to allow people to install a version that only gives access to their own Addressbook and puts the cgi in their own private folder, but that still requires an administration password to change some configuration files or the cgi-bin directory. There are potential nightmares in a lot of places.
I have thought of running as a daemon and a responder, but thought I should get it working first. This would conceptually increase security, but not by much since I am being very careful about taint (and Obj-C strings to prevent buffer overflows). Long term I have some more ambitious ideas with this system that will change the whole security discussion.
PS... You should never run a web server as 'nobody', you should always run it as 'www', a user with no privileges. Because so many system processes run as 'nobody', that user winds up with the power to do a lot of damage. 'www' on the other hand can only mess up your web space.