When you launch TinkerTool System for the first time, it will automatically integrate into the security model of macOS. This is necessary because the application can be used to perform critical operations in macOS, for example to alter or even delete operating system files. Only responsible system administrators who manage the respective computer should be allowed to perform such actions.
To guarantee a high security level, TinkerTool System works in two parts: The normal main application with the graphical user interface is coordinating all operations. It also executes all tasks that don’t require any special permissions. However, as soon as a privileged operation has to be executed, for example changing a setting that takes effect for all users of the computer, not only the current one, the application stops, makes you aware of the pending task, and checks whether the current user can identify herself as system administrator. If yes, the task will continue and the privileged operation can start.
The privileged job is not executed by the main application, however. A second component, the so-called privileged helper, does this work by receiving the request of the main application via a secure, tap-proof channel. Even if an unauthorized attacker managed to manipulate the main program, it could not trigger any malicious functions in the computer, because it could not get permission to do that. Only the privileged component, which is monitored and specially protected by macOS, has this technical capability. This means we have a separation of user rights in this setup. The privileged helper will also be called security component in this context.
In case the current user cannot identify as system administrator, the privileged operation will be rejected, denying its execution. You receive a notice in the graphical user interface that the pending task could not be continued due to security reasons.
To create the aforementioned monitored link between the main application and the privileged component, macOS asks for permission to set up the helper program during the first start of TinkerTool System. After this special trust relationship has been established between the main application and the privileged component, TinkerTool System will begin to control the special permissions from there on.
The following rules apply when verifying the right to execute a protected operation:
The running user session must be owned by an administrator: For security reasons, only those users can initiate a privileged operation in TinkerTool System for which the option Allow user to administer this computer is enabled in the account management of macOS. This special option is the default for the user who owns the computer and has set it up.
The login session in which TinkerTool System is running must have been started by this user, or by a different user who has also been granted administrative rights. This means it won’t be possible to initiate a privileged operation for a user account which has not logged in as administrator. You cannot act as a different user while your identity is being verified by entering that user’s name and password. This is compliant with the classic security guidelines that were established for the first generations of macOS (called Mac OS X at that time), and is stricter than the guidelines usually in effect for graphical applications running with modern versions of macOS.