Re: Non-priv way to collect job stats under Intel?
- Subject: Re: Non-priv way to collect job stats under Intel?
- From: Jeffrey Johnson <email@hidden>
- Date: Tue, 1 Aug 2006 07:37:17 -0400
Hi Garth,
On 7/31/06 at 3:30 PM, email@hidden (Garth Cummings) wrote:
>Hi Jeffrey,
>
>On Jul 31, 2006, at 3:19 PM, Jeffrey Johnson wrote:
>
>> We're making a universal binary of an app that calls task_for_pid()
>> on PPC to gather cputime statistics on demand for its child processes
>> and displays the stats in a window in a ps-like fashion. (We retrieved
>> the source for ps and found the task_for_pid() call).
>>
>> Alas, task_for_pid has gone privileged on Intel, and since ps is SUID
>> root, I assume ps is still using task_for_pid. But we can't, since
>> we're not (and don't want to be) run as root.
>
>If you want to get your current code to work, the recommended way to
>do this is to factor out the stuff that has to run privileged into a
>separate setuid root tool. Take a look at "Performing Privileged
>Operations with Authorization Services" for details:
>
><http://developer.apple.com/documentation/Security/Conceptual/authorization_concepts/index.html>.
>
>More info can be found via the Security topic page:
>
><http://developer.apple.com/security>.

Thanks, but this seems like overkill just to get CPU stats for processes we own.

We don't require any authorization dialogs anywhere (drag across install) and some of our customers
are in some, ah, slightly paranoid environments where a third party SUID-root tool would put us at a
disadvantage because they'd have to spend resources auditing the tool (and our competitors don't
have any such tools to audit). We may have to end up shelling out to ps on Intel boxes...

Thanks
Jeffrey Johnson
Macintosh Development
Wavefunction, Inc.
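
The "shell out to ps" fallback mentioned in the message above, as an added C example that is not part of the original thread or the poster's code: it runs the system ps with a fixed command line and extracts CPU time for the caller's direct children, so the application ships no privileged helper of its own. The /bin/ps path, the pid=,ppid=,time= output keywords and the function names are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* ps TIME text ("M:SS.cc", "HH:MM:SS", "D-HH:MM:SS") to seconds; -1 if malformed. */
double ps_time_to_seconds(const char *s) {
    double days = 0, total = 0;
    const char *dash = strchr(s, '-');
    char *end;
    if (dash) {                          /* optional leading day count */
        if (dash == s) return -1;
        days = strtod(s, NULL);
        s = dash + 1;
    }
    for (;;) {                           /* colon-separated base-60 fields */
        double v = strtod(s, &end);
        if (end == s) return -1;         /* empty or non-numeric field */
        total = total * 60 + v;
        if (*end == '\0') break;
        if (*end != ':') return -1;
        s = end + 1;
    }
    return days * 86400 + total;
}

/* Parse one "pid ppid time" line; returns 1 and fills *pid, *secs when ppid == parent. */
int child_cpu_from_line(const char *line, long parent, long *pid, double *secs) {
    long p, pp;
    char t[32];
    if (sscanf(line, "%ld %ld %31s", &p, &pp, t) != 3 || pp != parent) return 0;
    double v = ps_time_to_seconds(t);
    if (v < 0) return 0;
    *pid = p; *secs = v;
    return 1;
}

int main(void) {
    /* Constant command line, absolute path: nothing caller-controlled reaches the shell.
       The path and the pid=,ppid=,time= keywords are assumptions about the local ps. */
    FILE *f = popen("/bin/ps -axo pid=,ppid=,time=", "r");
    char line[128];
    long pid; double secs;
    if (!f) { perror("popen"); return 1; }
    while (fgets(line, sizeof line, f))
        if (child_cpu_from_line(line, (long)getpid(), &pid, &secs))
            printf("child %ld: %.2f s CPU\n", pid, secs);
    return pclose(f) == 0 ? 0 : 1;
}
```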