Re: launchd daemon, spawning children?
- Subject: Re: launchd daemon, spawning children?
- From: Terry Lambert <email@hidden>
- Date: Thu, 25 Sep 2008 11:21:05 -0700
On Sep 25, 2008, at 9:50 AM, Mario Emmenlauer wrote:
> Hi,
>> 2) I haven't tried pthread_start(), but it's very likely to be equal
> This should have been posix_spawn(), not pthread_start()... but come on,
> they do sound similar :-D

posix_spawn() is morally equivalent to a vfork() followed by an
execve(), with the ability to do a limited set of intermediate work in
between.

Part of the limited set of work is controlled by the flags set via
posix_spawnattr_setflags(), and one of those flags is
POSIX_SPAWN_RESETIDS.

Depending on how you are running the parent process at the time of the
spawn, you can either set this flag, and inherit the real uid/gid, or
not set the flag and inherit the effective uid/gid.

Since we support proper security partitioning (POSIX saved IDs +
non-library setreuid() and setregid()), your most correct path would be to
run as root and:
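
    oldeuid = geteuid();
    oldegid = getegid();
    realoldgroupcount = getgroups(16, oldgroupslist);
    /* switch groups first: setgroups() needs root */
    setgroups(newgroupcount, newgroupslist);
    setegid(newgid);
    seteuid(neweuid);
    posix_spawn(...);
    /* restore the parent's IDs */
    seteuid(oldeuid);
    setgroups(realoldgroupcount, oldgroupslist);
    setegid(oldegid);
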
...the get and setegid are not necessary on MacOS X, since they are
included in the supplementary groups list, but you will include them
if you want your code to be portable to e.g. Solaris.
-- Terry
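
A complete, error-checked version of the sequence sketched in the message above, as an added example that is not part of the original post: `spawn_as()`, the uid/gid 65534 and the `/usr/bin/id` child are assumptions made for illustration. It switches groups while still root, refuses to spawn if any switch fails, and restores the parent's IDs afterwards.

```c
#include <errno.h>
#include <grp.h>
#include <spawn.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;
/* Hypothetical helper (not from the post): from a root parent, run argv with
 * effective uid/gid set. Returns 0 plus the wait status, or an errno value. */
int spawn_as(uid_t uid, gid_t gid, char *const argv[], int *status)
{
    if (geteuid() != 0)
        return EPERM;                      /* the sequence assumes root */
    uid_t oldeuid = geteuid();
    gid_t oldegid = getegid();
    int n = getgroups(0, NULL);            /* ask for the count, don't assume 16 */
    gid_t *oldgroups = malloc(sizeof(gid_t) * (n > 0 ? n : 1));
    if (oldgroups == NULL || n < 0 || (n = getgroups(n, oldgroups)) < 0) {
        free(oldgroups);
        return ENOMEM;                     /* could not save the group list */
    }

    pid_t pid = -1;
    int rc = setgroups(1, &gid) ? errno : 0;   /* needs root: before seteuid() */
    if (rc == 0) {
        /* Check every call: an ignored failure would spawn the child as root. */
        if (setegid(gid) || seteuid(uid))
            rc = errno;
        else if ((rc = posix_spawn(&pid, argv[0], NULL, NULL, argv, environ)) != 0)
            pid = -1;
        /* Regain euid 0 first, then groups and egid. A parent that cannot
         * restore its IDs is in an unknown state, so stop. */
        if (seteuid(oldeuid) || setgroups(n, oldgroups) || setegid(oldegid))
            abort();
    }
    free(oldgroups);
    if (pid > 0 && waitpid(pid, status, 0) < 0)
        rc = errno;
    return rc;
}

int main(void)
{
    /* Constructed sample: 65534 is assumed to be an unprivileged uid/gid. */
    char *argv[] = { "/usr/bin/id", NULL };
    int status = 0;
    return spawn_as(65534, 65534, argv, &status) != 0;
}
```

Only the effective IDs are switched, so the child still has real uid 0 and `id` reports separate uid and euid values. Treat this as a way to run a trusted child with reduced effective privilege, not as confinement for untrusted code.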