| I just try to create a simple tool that required task_for_pid, and following the lldb instruction (reboot required), it works nicely.
Note that to use task_for_pid(), you don't have to do anything like creating authorization. Just call it, and it works (if your executable is properly signed, and the plist is properly embedded in your tool).
I just tried the following snippet:
#include <stdlib.h> #include <mach/mach.h>
int main(int argc, char **argv) { if (argc < 2) return 1;
int pid = strtol(argv[1], NULL, 10);
mach_port_t remoteTask = 0; kern_return_t kr = task_for_pid( mach_task_self(), pid, &remoteTask); if (kr != 0) mach_error("task_for_pid", kr);
return 0; }
----- Info.plist <?xml version="1.0" encoding="UTF-8"?> <plist version="1.0"> <dict> <key>CFBundleDevelopmentRegion</key> <string>English</string> <key>CFBundleIdentifier</key> <string>com.apple.lldb</string> <key>CFBundleInfoDictionaryVersion</key> <string>6.0</string> <key>CFBundleName</key> <string>lldb</string> <key>CFBundleVersion</key> <string>2</string> <key>SecTaskAccess</key> <string>allowed</string> <string>safe</string> </array> </dict> </plist>
---------
clang -o test test.c -Wl,-sectcreate,__TEXT,__info_plist,Info.plist ./test 368 task_for_pid (os/kern) failure codesign -s lldb_codesign test ./test 368 # no error message
Le 13 oct. 2011 à 13:21, Ben Staveley-Taylor a écrit : Thanks to all for your replies. I've tried Jean-Daniel's excellent lldb steps for fully trusting a self-signed certificate, and I have today also tried creating a different code signing certificate from an external CA (not a public one, just company test one, but still set up such that the Mac has an entry for the CA as a trusted root.) In both cases this has now removed the need to interactively authenticate once per login, but I still get the same problem as I have always had: if I run from Terminal using sudo, the task_for_pid() call succeeds. If I run any other way, either from Terminal not using sudo, or interactively from the Finder, I get told that I do have the correct privilege, but then the call fails. (Output from the code in my original post; I won't re-post it again) system.privilege.taskport acquired com.apple.TextEdit pid is <id> Failed; machErr=(os/kern) failure (5) Is there a way to get a bit more diagnostic info on what is causing the failure that might give me a clue? Thanks, -- Ben. On 13 Oct 2011, at 09:23, Jean-Daniel Dupas wrote: Not true. It's perfectly possible to use a self signed cert, as long as it is properly installed.
I'm using custom lldb build that required to be signed to works, and didn't have issue with a self signed cert.
The instruction to sign lldb are available here. The interesting section is the one that start with:
«The next steps are necessary on SnowLeopard, but are probably because of a bug
how Keychain Access makes certificates.
[Note: These also apply for Lion.]»
|