Re: launchd and programmatic access
Re: launchd and programmatic access
- Subject: Re: launchd and programmatic access
- From: "Jordan K. Hubbard" <email@hidden>
- Date: Fri, 3 Oct 2008 22:05:20 +0200
On Oct 3, 2008, at 8:02 PM, Damien Sorresso wrote:
The pref pane includes a setuid helper application that does proper
authorization, etc.
Your privileged operations should be done in your daemon. We heavily
discourage the use of setuid tools, and we're actively trying to
cleanse the system of them.
Just so I understand what you're advocating here... Are you seriously
suggesting that the entire daemon should be privileged rather than
using a privilege-separated helper tool? That seems to run counter to
generally accepted security practices (make privileged things as small
as possible), so I must be mis-parsing your recommendations here...
- Jordan
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden