Re: IOKit KEXT Question
Re: IOKit KEXT Question
- Subject: Re: IOKit KEXT Question
- From: Michael Smith <email@hidden>
- Date: Thu, 16 Aug 2007 01:03:10 -0700
On Aug 15, 2007, at 11:45 PM, Matt Burnett wrote:
As has clearly been articulated in both this thread and many
others preceding, this has nothing to do with security. It is a
matter of providing sustainable interfaces to developers and
techniques for managing situations where interfaces have to change
in a graceful fashion.
I think the preceding threads prove my point that there is a demand
from the development community to provide kernel hooks even if the
interface is volatile.
That there are demands is clear. The significance of these demands
is open to debate, and the DTS folks are probably in the best
position to comment on that, as they deal with Apple's developer
community on a daily basis. It's not unreasonable to assume that you
aren't the first person to raise these issues, and perhaps it would
help for you to understand more fully how things have reached the
point they are currently at.
If Apple doesn't provide one, then that makes me think they dont
want to because it could destroy the user expierence with kernel
panics.
You could read the several justifications offered in this thread and
others by engineers that have worked on, or are still working on, the
issues, rather than guessing. You are of course welcome to remain
uninformed, but it doesn't help your case.
The downside to that is, if Apple doesn't provide a regulated but
liberal interface into the kernel the developers will create their
own. With my proposed plan at least gives the user fair warning,
whereas the present solution requires me to hook it manually,
leaving the possibility i would never inform the user of the hook
and the resulting panics being perceived by the user to be Apple's
fault.
A sensible developer with care for their customers would not do
this. If you have a need for an interface that the system doesn't
expose, your first stop should be with DTS or the Apple engineers on
this list, and you would need to realise that you're not the only
stakeholder in the game. If you can't do what you want in the way
that you think you should, perhaps you need to look for a different
way, or perhaps you need to accept that it cannot be done...
Terry did say that "We hide system calls so someone
unscrupulous..." can't hook them. The act of hiding something from
a unscrupulous person directly implies the act of hiding to be a
security measure, see my first reply to him for a definition of
unscrupulous.
Whilst that may well be a definition of the term, you have
incorrectly interpreted what Terry was attempting to communicate.
= Mike
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden