Re: task_for_pid fails with os/kern failure even with system.privilege.taskport
- Subject: Re: task_for_pid fails with os/kern failure even with system.privilege.taskport
- From: Brian Bergstrand <email@hidden>
- Date: Wed, 12 Oct 2011 14:00:07 -0500
IIRC, a self-signed cert is not acceptable. The same is true for persistent Keychain Access. You must sign with a cert that was created by a system-recognized CA.
On Oct 12, 2011, at 11:33 AM, Ben Staveley-Taylor wrote:
> I'm trying to use the task_for_pid() mach call. I've found several list posts and other items about the security requirements for this from 10.5 onwards and I believe I'm complying, but I just can't get it to work. Can anyone spot what I'm doing wrong?
>
> Setup:
> ------
>
> - Running on OS X 10.7.1
> - I created a new Cocoa application with the code snippets shown below.
> - Info.plist contains:
>     <key>SecTaskAccess</key>
>     <array>
>         <string>allowed</string>
>         <string>safe</string>
>     </array>
> - The app is codesigned using a self-signed certificate.
>
> Behaviour:
> ----------
>
> - If I sudo-run the app's executable in Terminal (i.e. Test.app/Contents/MacOS/test) directly, it works
> - If I do the same without sudo, I get the output:
> system.privilege.taskport acquired
> com.apple.TextEdit pid is 2475
> Failed; machErr=(os/kern) failure (5)
>
> - If I run the .app bundle by double-clicking in Finder, or in Terminal using "open Test.app" or "sudo open Test.app" it also fails in the same way.
>
> So in the failure cases I'm told that I do have system.privilege.taskport rights, but task_for_pid() then fails. What vital step am I missing?
>
> Many thanks if you can help,
>
> Ben Staveley-Taylor
> email@hidden
>
>
>
>
> Code:
> -----
>
> ProcessSerialNumber psn;
>
> // Get pid of TextEdit, assuming it is running
> NSString *targetProcessBundle = @"com.apple.TextEdit";
> if (FindPSNForBundleID(targetProcessBundle, &psn) == noErr) {
>
>     // I don't think this should be necessary, but done for verification
>     OSStatus osErr = AcquireTaskportRight();
>
>     if (osErr == noErr)
>     {
>         // Convert PSN to PID.
>         pid_t pid;
>         GetProcessPID( &psn, &pid );
>         NSLog(@"%@ pid is %d", targetProcessBundle, pid);
>
>         mach_port_t remoteTask = 0;
>         mach_error_t machErr = task_for_pid( mach_task_self(), pid, &remoteTask );
>
>         if (machErr == 0) {
>             NSLog(@"Success");
>         }
>         else {
>             const char *msg = mach_error_string(machErr);
>             NSLog(@"Failed; machErr=%s (%d)", msg, (int)machErr);
>         }
>     }
> }
>
>
>
>
> OSStatus AcquireTaskportRight() {
>
>     OSStatus stat = noErr;
>     // One item: name, valueLength, value, flags
>     AuthorizationItem taskport_item[] = {
>         {"system.privilege.taskport", 0, NULL, 0}
>     };
>     AuthorizationRights rights = {1, taskport_item}, *out_rights = NULL;
>     AuthorizationRef authRef;
>     AuthorizationFlags auth_flags = kAuthorizationFlagExtendRights | kAuthorizationFlagPreAuthorize;
>
>     stat = AuthorizationCreate (NULL, kAuthorizationEmptyEnvironment, auth_flags, &authRef);
>
>     if (stat == errAuthorizationSuccess) {
>         stat = AuthorizationCopyRights ( authRef, &rights, kAuthorizationEmptyEnvironment, auth_flags, &out_rights);
>     }
>
>     if (stat == errAuthorizationSuccess) {
>         NSLog(@"system.privilege.taskport acquired");
>     }
>     else {
>         NSLog(@"Failed to acquire system.privilege.taskport right. Error: %d", (int)stat);
>     }
>
>     return stat;
> }
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Darwin-dev mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
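
Added example (not part of the original thread, and not code from either poster): one way for the app to check at startup whether its own signature chains to an anchor the system trusts for code signing, which is the condition the reply describes. It assumes the `anchor trusted` code requirement is a reasonable stand-in for the check applied to task_for_pid() callers, which the thread does not confirm; `CheckSelfAgainstRequirement` and the file name in the build comment are hypothetical.

```objective-c
// Added example, not from the original thread. Build (assumed file name):
//   clang -framework Foundation -framework Security check_anchor.m -o check_anchor
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <Security/SecCode.h>
#import <Security/SecRequirement.h>

// Returns errSecSuccess when the running binary's signature is valid and
// satisfies requirementText; otherwise returns the Security framework error.
static OSStatus CheckSelfAgainstRequirement(CFStringRef requirementText) {
    SecCodeRef selfCode = NULL;
    SecRequirementRef requirement = NULL;

    OSStatus status = SecCodeCopySelf(kSecCSDefaultFlags, &selfCode);
    if (status == errSecSuccess) {
        status = SecRequirementCreateWithString(requirementText,
                                                kSecCSDefaultFlags, &requirement);
    }
    if (status == errSecSuccess) {
        // Validates the signature itself and then evaluates the requirement.
        status = SecCodeCheckValidity(selfCode, kSecCSDefaultFlags, requirement);
    }
    if (requirement) CFRelease(requirement);
    if (selfCode) CFRelease(selfCode);
    return status;
}

int main(void) {
    @autoreleasepool {
        // "anchor trusted": the chain must end at an anchor that the system
        // trust settings accept for code signing.
        OSStatus status = CheckSelfAgainstRequirement(CFSTR("anchor trusted"));
        if (status == errSecSuccess) {
            NSLog(@"Signature is valid and chains to a trusted anchor");
        } else if (status == errSecCSUnsigned) {
            NSLog(@"Binary is not signed at all");
        } else if (status == errSecCSReqFailed) {
            NSLog(@"Signature is valid but its anchor is not trusted for code signing");
        } else {
            CFStringRef msg = SecCopyErrorMessageString(status, NULL);
            NSLog(@"Signature check failed: %@ (%d)", (__bridge NSString *)msg, (int)status);
            if (msg) CFRelease(msg);
        }
        return status == errSecSuccess ? 0 : 1;
    }
}
```

Logging this result next to the task_for_pid() return value separates a signing or trust problem from an authorization-right problem.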