Description
Note: I initially posted this as a security issue on Homebrew's GitHub, but apparently I misremembered, and the Homebrew CLI actually does properly support Touch ID, so this seems to be specific to Cork and not Homebrew.
Hopefully I haven't misremembered again; I could swear I got hit with a bunch of password prompts when I was adopting apps into Homebrew using Cork...
Currently Cork seemingly passes sudo password prompts through to the user by directly ingesting an admin password as a string.
EDIT: Yep! I just got hit with this prompt!
This behavior is particularly noticeable if the user has enabled PAM support for Touch ID, as Cork does not provide passthrough Touch ID support via PAM.
I have observed this same behavior in other places, where it is generally identified as a known security issue.
In the comments on basically this same issue for Balena Etcher I noted that Raspberry Pi Imager does in fact implement this correctly, providing a representative sample of how to call PAM authorization from non-native code, albeit in Objective-C++ rather than Swift (or TypeScript). [Direct link to Raspberry Pi Imager code]
Off the top of my head I don't know if Raspberry Pi Imager is license-compatible with Cork, but the useful thing with the code sample is just that it shows what precisely is involved in requesting sudo access from Apple's system APIs rather than simply ingesting the administrator password as a string.
I am not a Swift developer, but I imagine that since you are already using Apple's system APIs it should be relatively simple to add similar functionality to Cork.
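As an added illustration of the approach the post points to (hypothetical code, not Cork's and not Raspberry Pi Imager's), this Swift helper asks macOS Authorization Services for the admin right so the system presents its own authentication dialog; the function name and the choice of the `kAuthorizationRightExecute` (`system.privilege.admin`) right are my assumptions.

```swift
import Foundation
import Security

/// Hypothetical helper: obtain the admin right from the system instead of
/// collecting an administrator password as a string. The dialog is drawn by
/// macOS itself, so whatever authentication methods the system offers apply,
/// and the calling app never touches the user's credentials.
func acquireAdminRights() -> AuthorizationRef? {
    var authRef: AuthorizationRef?
    guard AuthorizationCreate(nil, nil, [], &authRef) == errAuthorizationSuccess,
          let auth = authRef else {
        return nil
    }

    // Right name must be a C string that outlives the AuthorizationItem.
    let rightName = strdup(kAuthorizationRightExecute)!
    defer { free(rightName) }
    var item = AuthorizationItem(name: UnsafePointer(rightName),
                                 valueLength: 0, value: nil, flags: 0)

    // interactionAllowed: let the system prompt; extendRights: actually
    // acquire the right; preAuthorize: fail early if it can never be granted.
    let flags: AuthorizationFlags = [.interactionAllowed, .extendRights, .preAuthorize]

    return withUnsafeMutablePointer(to: &item) { itemPtr -> AuthorizationRef? in
        var rights = AuthorizationRights(count: 1, items: itemPtr)
        let status = AuthorizationCopyRights(auth, &rights, nil, flags, nil)
        guard status == errAuthorizationSuccess else {
            // Denied or cancelled by the user: release and report failure.
            AuthorizationFree(auth, [])
            return nil
        }
        return auth
    }
}

// Example usage: the privileged step would consume `auth` (for instance by
// externalising it with AuthorizationMakeExternalForm for a helper tool).
if let auth = acquireAdminRights() {
    print("admin right granted by the system")
    AuthorizationFree(auth, [.destroyRights])
} else {
    print("admin right not granted")
}
```

The granted AuthorizationRef, not a password, is the token a privileged helper should receive; this is what keeps the app out of the credential-handling path the post objects to.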