Re: Load kext from app bundle on Snow Leopard?
Re: Load kext from app bundle on Snow Leopard?
- Subject: Re: Load kext from app bundle on Snow Leopard?
- From: Dean Reece <email@hidden>
- Date: Thu, 22 Oct 2009 09:00:14 -0700
On Oct 22, 2009, at 8:38 AM, Brian Bergstrand wrote:
KEXT's load in the kernel, thus require root to load and also
require root ownership on disk. This is basic security practices. It
would be an easy exploit vector otherwise.
3rd party kexts should be placed in /Library/Extensions (NOT /S/L/E)
by an Installer or by an app that authenticates itself and copies a
KEXT from its bundle to /L/E with the proper permissions. KEXTs
installed in /L/E do not affect the boot caches.
This is not correct. 3rd party extensions must NOT be placed in /
Library/Extensions. That path is reserved for future use, and kexts
placed there may not behave as expected in the future.
All kexts, including 3rd party kexts, intended to be auto-loaded by
the OS (such as when specific hardware is detected) must be installed
in /System/Library/Extensions.
3rd party kexts that do not need to auto-load may either be installed
in /S/L/E, or may live within the Application's bundle, or in some
other location that contains support elements for the app. The app
can load the kext when it needs it by invoking kextload. As of
SnowLeopard, kextload does not need to be run as root if the kext's
plist contains the "OSBundleAllowUserLoad". If the kext does not have
this property (or on older OS releases), then kextload must be run as
root.
On all OS releases, and regardless of install location, kexts (and all
files within) must be owned by root:wheel, and must not be writable by
non-root users.
The only reason to install in /S/L/E is if the KEXT is needed to
boot the OS from disk.
Any kext (boot or otherwise) that needs to be auto-loaded by the OS
must be installed in /S/L/E.
Thanks,
- Dean
On Oct 22, 2009, at 6:15 PM, lbland wrote:
hi-
Has Snow Leopard kextd evolved to the point where I can load a kext
from an app bundle (on demand when the app launches), or do I still
need to require users to run an Installer with admin privilege to
install kext bundles to /System/Library/Extensions ?
ps - I only want to load from app bundle if it doesn't rebuild the
kext cache on every app launch.
... also, sorry for the crosspost and repost; just some interesting
shop talk, nothing dramatic, but it would be nice to drag and drop
an app instead of having to run an Installer.
thanks!-
-lance
Brian Bergstrand
<http://www.bergstrand.org/brian/> PGP Key ID: 0xB6C7B6A2
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden