Re: Kern ext. message "An item in the Startup Items folder...Fix"
Re: Kern ext. message "An item in the Startup Items folder...Fix"
- Subject: Re: Kern ext. message "An item in the Startup Items folder...Fix"
- From: Cliff Russell <email@hidden>
- Date: Mon, 6 Feb 2006 21:08:52 -0800
John,
I don't think it's that simple.
I think you'll find that a lot of third party drivers, especially
authors of kernel extensions that need to participate in the boot
process or driver matching will install their kernel extension in /
System/Library/Extensions.
In fact, in "I/O Kit Device Driver Design Guidlines" under "Packaging
Drivers for Installation" you'll see a note talking about using
creating a package to install your kernel extension in /System/
Library/Extensions (see <http://developer.apple.com/documentation/
DeviceDrivers/Conceptual/WritingDeviceDriver/index.html>)
I can't find any Apple documentation indicating that third parties
should not install their kernel extensions in /System/Library/
Extensions.
Yes, /System is Apple owned, but I think this is an exception to that
rule. As well Startup Items are deprecated on 10.4. (see <http://
developer.apple.com/technotes/tn2005/tn2083.html>)
Alain needs to decide where his extensions needs to be installed. I
think if his extension needs to run everytime the machine boots and
he sets up the appropriate matching information
then /System/Library/Extensions is reasonable, but perhaps there is
some other requirement to his extension that I don't know about and
loading from somewhere else makes sense.
--
Cliff
On 6-Feb-06, at 7:28 PM, John Davidorff Pell wrote:
Its not a dumb question to someone who doesn't know the answer, but
the answer is simple: Apple owns /System. No third party should
ever install anything in /System. A startup script to load an
external kext is the correct way to load a kext at startup.
JP
On 6 Feb 2006, at 10:32, Cliff Russell wrote:
Alain,
This may be a dumb question with a clever answer but, if your
startup scipt looks like this:
#!/bin/sh
/sbin/kextload /Library/StartupItems/MyKern/MyKern.kext
then it seems like you want you KEXT to be loaded everytime the
machine boots.
If that's the case, why don't you put your KEXT in /System/Library/
Extensions? There are a couple circumstances where is makes sense
to not put your kernel extension in /S/L/E, but to me this doesn't
seem to be one of them
--
Cliff
On 6-Feb-06, at 1:28 AM, Stephane Sudre wrote:
On 4 févr. 06, at 17:47, Peter Lovell wrote:
On Feb 4, 2006, at 8:00 AM, Alain Birtz wrote:
After the restart Mac OS X send this message dot thef the
kernel extention myKern
An item in the Startup Items folder ("/Library/StartupItems/
myKern")
does not have the proper security settings." Options are to
"Disable"
or "Fix" (or "Decide Later" to change nothing).
The permission, owner and group of the kernel extention files
seem exactly the same
after and before the "Fix". Do I miss something ?
Hi Alain,
I had thought, actually, that "Fix" was no longer an option.
The general rules for kexts are that all items be owned by
root:wheel (uid:gid is 0:0) and that nothing be writable except
by root. That usually translates to mode 755 for directories and
644 for files.
Starting with 10.4, I think every file/folder within the
StartupItems folder need to be owned by root:wheel, not just the
kext. Someone probably realized the main security flaw was not
with kexts but with startup scripts...
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
@atimi.com
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40mac.com
This email sent to email@hidden
----
It's all fun and games 'til someone writes to a NULL pointer!
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden