Re: Kernel NKE projects user space daemon.
- Subject: Re: Kernel NKE projects user space daemon.
- From: matt jaffa <email@hidden>
- Date: Tue, 3 Jan 2006 13:14:03 -0700
So my NKE gets the pid of the process sending information out. I send this pid to a daemon that will look up that process path based on the pid using the sysctl KERN_PROC methods. But this sysctl will fail if it is looking up the path on a process owned by root. So my daemon has to be running as root to get this info, and I want to be able to have a daemon for each logged-in user so the UI can be displayed to the current active user.
I could spawn a process with popen ( ps ) and gather the path that way, but ps will be spawned every time I get a new pid my NKE doesn't know about. Is this a bad thing? Spawning a lot of little "ps" just to get this information.
Thanks,
Matt
On 1/3/06, Mike Smith <email@hidden> wrote:
On Jan 3, 2006, at 8:31 AM, matt jaffa wrote:
> I have an NKE project that needs a user space daemon to be running
> to get information back from the user.
> I have this working and everything, and have a daemon launched for
> each individual user that runs the program.
>
> I have my user space daemon with these privileges, 4755, which
> means the setuid bit is set for my daemon executable so that it can
> elevate itself to perform a process id lookup. My question is what
> does Apple/Security feel about my application having the setuid bit
> set?
Matt,
Firstly, many thanks for picking a sensible architecture for your
application.
I'm a little confused about "perform a process id lookup" though.
What are you trying to do, and what specific interface(s) are you
using that require privilege?
As a general rule, having your daemon run setuid inside the user's
environment is discouraged.
= Mike