Re: Kernel NKE projects user space daemon.
Re: Kernel NKE projects user space daemon.
- Subject: Re: Kernel NKE projects user space daemon.
- From: matt jaffa <email@hidden>
- Date: Tue, 3 Jan 2006 13:57:50 -0700
Unfortunately p_comm will not work in my case. I will be displaying to the user what application is trying to send data out and they will get to choose whether to accept it or reject it. So the full path is required so the user knows where the application is located exactly.
Is there any other way in my daemon can accomplish this as non-root? I like Brian's question:
"Is there some other way for a non-root process to get the full exec
path of any other process (including root owned)?"
Thanks,
Matt
On 1/3/06, Brian Bergstrand <email@hidden> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Jan 3, 2006, at 1:15 PM, Mike Smith wrote:
>
> On Jan 3, 2006, at 8:31 AM, matt jaffa wrote:
>
>> I have a NKE project that needs a user space daemon to be running
>> to get information back from the user.
>> I have this working and everything, and have a daemon launched for
>> each individual user that runs the program.
>>
>> I have my user space daemon with these privileges, 4755, which
>> means the setuid bit is set for my daemon executable so that it
>> can elevate itself to perform a process id lookup. My question is
>> what does Apple/Security feel about my application having the
>> setuid bit set?
>
> Matt,
>
> Firstly, many thanks for picking a sensible architecture for your
> application.
>
> I'm a little confused about "perform a process id lookup" though.
> What are you trying to do, and what specific interface(s) are you
> using that require privilege?
I think he means that KERN_PROCARGS returns an error when you try to
get info about processes running with a different uid than the
calling application (unless you are root). In my case I only care
about the full exec path and not the program args.
However, KERN_PROC_PID can be used to get the process struct of any
process from a non-root app and the kp_proc.p_comm member will give
you a limited name (16 bytes and not the full path). The full path is
very useful for use as an arg to LSCopyDisplayNameForURL(), but pcomm
suffices as a fall back.
Is there some other way for a non-root process to get the full exec
path of any other process (including root owned)?
Here's my function that wraps this all up (there's a little ObjC, but
nothing that can't be substituted easily):
static id path_for_pid(int32_t pid, BOOL *isFullPath)
{
size_t arglen;
int mib[4] = {CTL_KERN, 0, 0, 0};
NSString *path = nil;
mib[1] = KERN_PROCARGS2;
mib[2] = pid;
arglen = argmax; // KERN_ARGMAX
char *cmdargs = malloc(argmax+1);
if (cmdargs && 0 == sysctl(mib, 3, cmdargs, &arglen, NULL, 0)) {
*(cmdargs+(arglen-1)) = '\0'; // Just in case
// argc is first for KERN_PROCARGS2, so skip the size of an int
// the command path is next
path = [NSString stringWithCString:(cmdargs + sizeof(int))
encoding:NSUTF8StringEncoding];
* isFullPath = YES;
} else if (EINVAL == errno) {
// sysctl prevents non-root procs from accessing other users
proc args
mib[1] = KERN_PROC;
mib[2] = KERN_PROC_PID;
mib[3] = pid;
struct kinfo_proc p;
arglen = sizeof(p);
if (0 == sysctl(mib, 4, &p, &arglen, NULL, 0))
path = [NSString stringWithCString:
p.kp_proc.p_comm
encoding:NSUTF8StringEncoding];
* isFullPath = NO;
}
if (cmdargs)
free(cmdargs);
return (path);
}
HTH.
Brian Bergstrand
<
http://www.bergstrand.org/brian/> PGP Key ID: 0xB6C7B6A2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
iD8DBQFDuuFAedHYW7bHtqIRAldiAKCetGWizvKF7cJ3lOBWeSwwjql0BgCgsj0+
8E0XQru5B+Ab8JxAm04aT48=
=9KNI
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden