Is it possible to have a privileged worker process for a GUI program
that runs in the same process group?
Yes, using setuid.
But with launchd, I dunno. Is it?
Longer explanation of my situation:
The reason I'm investigating this is that I read somewhere
that launchd is more secure. So I use the BetterAuthorizationSample
and posix_spawn to create a privileged process, and establish
a mutual DO connection with the GUI. Making it work was fairly easy.
However stopping the privileged process is surprisingly difficult
to do in a secure way, when the privileged process is not running
in the same process group.
I set up a kqueue to monitor the pid of the GUI process,
so the privileged process is woken up (unless it's stuck somewhere)
and then it can kill itself.
The GUI process is sending a stop invocation via DO to
the privileged process, telling it to terminate. However
this message may never reach the process if it's unresponsive.
So I protect all calls with a setalarm watchdog, so if the
operation isn't completed within 10 seconds it dies.
As a last resort I have a BAS command for sending a SIGUSR
to a process given by a PID. This is what bothers me,
because it can easily be hijacked and sending signals to
the wrong process can restart the computer (I tried that a few times).
Yet, despite all these mechanisms the privileged process
sometimes sticks around. For this reason, and for the
insecure SIGUSR mechanism, I'm seeking a better solution.
Having the privileged process run in the same process group
seems like the best solution, however it doesn't seem
like it's possible to reparent a process.
--
Simon Strandgaard
http://graphicdesignertoolbox.com/