Re: AXMakeProcessTrusted, AXIsProcessTrusted
Re: AXMakeProcessTrusted, AXIsProcessTrusted
- Subject: Re: AXMakeProcessTrusted, AXIsProcessTrusted
- From: Michael Ash <email@hidden>
- Date: Mon, 13 Apr 2009 11:27:55 -0400
On Apr 13, 2009, at 12:17 AM, m wrote:
Is it the case that for an application to be "trusted", it must not
be located in a FileVault secured home directory?
I have a command-line utility that uses AXMakeProcessTrusted() to
make an app trusted, and as long as the path to the app's executable
is correct, it never returns anything but noErr.
However, if the application I am trying to make trusted is located
anywhere in my home directory (which secured by FileVault),
AXIsProcessTrusted() returns false.
Is this a bug or by design?
Kind of both. AXMakeProcessTrusted works by setting the setgid bit
(like setuid but for group ownership) on your process, and setting its
group ownership to a particular group whose identity I cannot recall
at the moment.
FileVault works by creating a password-protected disk image for your
home directory, and mounting it when you log in. Disk images are
usually set to ignore the setuid/setgid bit, otherwise you could just
craft a disk image with a setuid root shell on it and mount it to take
over the system.
This collision of implementation details means that your process can't
be setgid in a FileVault home directory and therefore can't be made
trusted with this API.
My suggestion would be to first file a bug with Apple, then implement
your app to check for this situation and advise the user to either
manually turn on assistive access or move your app to /Applications.
Mike
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Accessibility-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden