Re: Building Apple Open Source Tool
Re: Building Apple Open Source Tool
- Subject: Re: Building Apple Open Source Tool
- From: Sandor Szatmari <email@hidden>
- Date: Thu, 07 Mar 2019 09:06:03 -0500
> On Mar 7, 2019, at 01:18, Alastair Houghton <email@hidden>
> wrote:
>
>> On 6 Mar 2019, at 15:42, Sandor Szatmari <email@hidden>
>> wrote:
>>
>> So… one solution, that works, ;) is to chown root:wheel and chmod u+s. This
>> gives the binary the privs it needs. But Apple’s binary in /usr/bin does
>> not employ this solution. I thought maybe I could sign it with my dev cert
>> and go that route. But not sure what/how to configure. If nothing better
>> comes along I can at least do this.
>
> Apple’s version works by having the entitlement
> com.apple.private.network.reserved-port, which AFAIK only works if the code
> signature on the binary belongs to Apple (otherwise it’d be a massive
> security hole). I think third-party software probably has to run as root in
> order for rresvport() to work.
That’s what I was afraid of, but just wasn’t confident enough about to be sure
of that conclusion.
Thanks,
Sandor
>
> Kind regards,
>
> Alastair.
>
> --
> http://alastairs-place.net
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden