• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: How to become root
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How to become root

  • Subject: Re: How to become root
  • From: Jean-Daniel Dupas <email@hidden>
  • Date: Sat, 17 Mar 2012 00:43:48 +0100
I'm don't want to give details here as it is off topic. But I can give you some hints.

To use task_for_pid, you don't need to run your tool as root.
You can to it by properly signing your tool with a trusted certificate (a self signed certificate is enough as long as you install it properly in your Keychain).

see man taskgated  for some information.

And See the instruction at "http://llvm.org/svn/llvm-project/lldb/trunk/docs/code-signing.txt"; to see how you can make it works (Keychain's bugs workaround included).

The drawback will be that your tool will present you an authentication dialog at launch.


Le 16 mars 2012 à 23:56, Prime Coderama a écrit :

> Shouldn't the the SMJobBless example be used? Although I am still struggling to get this to work - even have an open Apple support issue.
>
> On 16/03/2012, at 11:45 PM, Jean-Daniel Dupas wrote:
>
>>
>> Le 16 mars 2012 à 13:27, Gerriet M. Denkmann a écrit :
>>
>>>
>>> On 16 Mar 2012, at 19:17, Jean-Daniel Dupas wrote:
>>>
>>>>
>>>> Le 16 mars 2012 à 12:33, Gerriet M. Denkmann a écrit :
>>>>
>>>>> I have an app which needs to do (among other things) to call task_for_pid() which seems to work only for root.
>>>>>
>>>>> The modern way to  do this is have a small companion tool which exchanges info with my app via XPC. Correct?
>>>>>
>>>>> I am also thinking about sandboxing (just as a learning experience). Or is root and sandboxing mutually exclusive?
>>>>>
>>>>> Then: how to make my companion tool run as root?
>>>>> Is there a sandboxing entitlement like: com.apple.security.rootAllowed?
>>>>> If not: what else to use?
>>>>>
>>>>
>>>> The short answer is don't expect to use task_for_pid with sandboxing. This function is restricted for good reasons.
>>>
>>> Ok, so let's forget about sandboxing. Not very important - not aiming for the Mac Store.
>>>>
>>>> What are you trying to do that require to get an other process mach port ?
>>> Something like vmmap.
>>
>> So, I fear this is note the good list for such question. darwin-dev, will be a better place.
>>
>> -- Jean-Daniel
>>
>>
>> _______________________________________________
>>
>> Cocoa-dev mailing list (email@hidden)
>>
>> Please do not post admin requests or moderator comments to the list.
>> Contact the moderators at cocoa-dev-admins(at)lists.apple.com
>>
>> Help/Unsubscribe/Update your Subscription:
>>
>> This email sent to email@hidden
>

-- Jean-Daniel





_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >How to become root (From: "Gerriet M. Denkmann" <email@hidden>)
 >Re: How to become root (From: Jean-Daniel Dupas <email@hidden>)
 >Re: How to become root (From: "Gerriet M. Denkmann" <email@hidden>)
 >Re: How to become root (From: Jean-Daniel Dupas <email@hidden>)
 >Re: How to become root (From: Prime Coderama <email@hidden>)

  • Prev by Date: Re: Why so many public properties all up in my grizzle?
  • Next by Date: Re: Why so many public properties all up in my grizzle?
  • Previous by thread: Re: How to become root
  • Next by thread: Re: How to become root
  • Index(es):
    • Date
    • Thread