{
	"id": "964543ee-6f14-4ad6-b4d6-7bd609850b03",
	"created_at": "2026-04-06T00:15:08.885452Z",
	"updated_at": "2026-04-10T13:12:24.864903Z",
	"deleted_at": null,
	"sha1_hash": "041ae1ceacbe9cd2569889e9ba02ab1af5cd6a59",
	"title": "AuthorizationExecuteWithPrivileges | Apple Developer Documentation",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 48937,
	"plain_text": "AuthorizationExecuteWithPrivileges | Apple Developer\r\nDocumentation\r\nArchived: 2026-04-05 13:51:32 UTC\r\nDiscussion\r\nThis function enables you to execute the tool you specify in the pathToTool parameter as a separate, privileged\r\nprocess. The new process will run with root privileges regardless of the privileges of the invoking process. The\r\nnew process can retrieve the authorization reference by calling the function AuthorizationCopyPrivileged\r\nReference . The arguments you pass in the arguments parameter are relayed to the new process’s argv\r\nparameter. A set of file descriptors is linked to the new process’s standard input and output so that your process\r\nmay communicate with the new process.\r\nTo check if the user is authorized to perform this operation, you should preauthorize the kAuthorizationRight\r\nExecute right. See AuthorizationItem for a description of what information is included in the authorization\r\nitem for this right.\r\nSpecial Considerations\r\nYou should use this function only to allow installers to run as root and to allow a setuid tool to repair its\r\nsetuid bit if lost. This function works only if the Security Server establishes proper authorization.\r\nThis function poses a security concern because it will indiscriminately run any tool or application, severely\r\nincreasing the security risk. You should avoid the use of this function if possible. One alternative is to split your\r\ncode into two parts—the application and a setuid tool. The application invokes the setuid tool using standard\r\nmethods. The setuid tool can then perform the privileged operations. If the tool loses its setuid bit, use the\r\nAuthorizationExecuteWithPrivileges function to repair it. Factoring your program minimizes the use of this\r\nfunction and reduces the risk of harm. Read Inside macOS: Performing Privileged Operations With Authorization\r\nServices.\r\nNote that this function respects the setuid bit, if it is set. That is, if the tool you are executing has its setuid bit set\r\nand its owner set to foo, the tool will be executed with the user foo’s privileges, not root privileges. To ensure that\r\nyour call to the AuthorizationExecuteWithPrivileges function works as intended, make sure the setuid bit of\r\nthe tool you wish to execute is cleared before calling AuthorizationExecuteWithPrivileges to execute the tool.\r\nSource: https://developer.apple.com/documentation/security/1540038-authorizationexecutewithprivileg\r\nhttps://developer.apple.com/documentation/security/1540038-authorizationexecutewithprivileg\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://developer.apple.com/documentation/security/1540038-authorizationexecutewithprivileg"
	],
	"report_names": [
		"1540038-authorizationexecutewithprivileg"
	],
	"threat_actors": [],
	"ts_created_at": 1775434508,
	"ts_updated_at": 1775826744,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/041ae1ceacbe9cd2569889e9ba02ab1af5cd6a59.pdf",
		"text": "https://archive.orkl.eu/041ae1ceacbe9cd2569889e9ba02ab1af5cd6a59.txt",
		"img": "https://archive.orkl.eu/041ae1ceacbe9cd2569889e9ba02ab1af5cd6a59.jpg"
	}
}