On 18 Nov 2009, at 15:13, Uli Kusterer wrote:
> Well, that'd mean we'd be writing potentially security-unsafe root-daemon code (in addition to our other two executables).
Not necessarily. You can write a Mach server that doesn't need to run as root (that's how the sample program I wrote works; it runs just fine as the current user). Even if you're using launchd, you can tell it to execute your server as some user besides root, though---depending on what exactly you're trying to do---
> I'd rather trust Apple wrote their bootstrap server correctly (and it gets exercised a lot more than we alone could do it).
> Can you elaborate what you mean by "putting random ports in the bootstrap namespace" seeming to be "evil"? It seems to me it was made for exactly that?
I should qualify my statement---it really depends on how many you plan to put in there, and what they're there for. In the previous named-semaphore case, it seems sensible for them to have their own separate namespace and it would be evil to put potentially large numbers of named semaphores in that namespace because of the potential for namespace collisions with other things.
Personally I would tend to stick named server ports in there (for which you *don't* need bootstrap_register()), though you're right that you could make an exception for the odd one-off. This is a moot point though, because bootstrap_register() is deprecated, and you'd need to use it to do that... for servers you *don't* need bootstrap_register() because bootstrap_check_in() is sufficient and will create the server port for you.
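An added illustration of the setup discussed in the message above (not part of the original e-mail): a launchd property list for a Mach server that runs as an unprivileged account and has its named service port created by launchd, so the server only has to claim it with bootstrap_check_in(). The label, service name, binary path and account name are constructed placeholders.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <!-- Constructed job label; reverse-DNS naming keeps it from colliding
         with other entries in the bootstrap namespace. -->
    <key>Label</key>
    <string>com.example.myserver</string>

    <!-- Hypothetical path to the server executable. -->
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/libexec/myserver</string>
    </array>

    <!-- Run the server as a dedicated unprivileged account instead of root.
         "_myserver" is a placeholder account name. -->
    <key>UserName</key>
    <string>_myserver</string>

    <!-- launchd creates the receive right and advertises this name in the
         bootstrap namespace. The server obtains the port by calling
         bootstrap_check_in() with the same name; no bootstrap_register()
         call is involved. -->
    <key>MachServices</key>
    <dict>
        <key>com.example.myserver</key>
        <true/>
    </dict>
</dict>
</plist>
```

The UserName key is honoured only for jobs loaded into the system domain (for example from /Library/LaunchDaemons); a per-user agent already runs as the logged-in user.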