Re: Building Apple Open Source Tool
Re: Building Apple Open Source Tool
- Subject: Re: Building Apple Open Source Tool
- From: Alastair Houghton <email@hidden>
- Date: Thu, 07 Mar 2019 06:18:56 +0000
On 6 Mar 2019, at 15:42, Sandor Szatmari <email@hidden> wrote:
>
> So… one solution, that works, ;) is to chown root:wheel and chmod u+s. This
> gives the binary the privs it needs. But Apple’s binary in /usr/bin does not
> employ this solution. I thought maybe I could sign it with my dev cert and
> go that route. But not sure what/how to configure. If nothing better comes
> along I can at least do this.
Apple’s version works by having the entitlement
com.apple.private.network.reserved-port, which AFAIK only works if the code
signature on the binary belongs to Apple (otherwise it’d be a massive security
hole). I think third-party software probably has to run as root in order for
rresvport() to work.
Kind regards,
Alastair.
--
http://alastairs-place.net
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden