Re: KUNCUserNotificationCallBack
Re: KUNCUserNotificationCallBack
- Subject: Re: KUNCUserNotificationCallBack
- From: Quinn <email@hidden>
- Date: Mon, 20 Aug 2007 09:50:05 +0100
At 23:28 -0700 17/8/07, Eric Long wrote:
Well, that is the fundamental problem. launchd is seriously broken on
10.4.x. It attempts to launch gui agents in non-gui sessions. The only
option left is a log-in item. I can make an app to keep up my agent in
place of launchd, but it doesn't get run as root, so it's vulnerable.
I think you're mixing up what launchd will do. By definition an
agent is running on behalf of a particular user, and thus doesn't run
as root. Also:
o Running a GUI program as root is /strongly/ discouraged.
o Vulnerable to what, exactly?
o Authorization Services already has an architecture for running
GUI-oriented security code as a trusted user that is not run (uid 92,
"securityagent"). This is the user that displays the standard
authorisation dialogs, and that's one of the many reasons we
recommend that you do authorisation via Authorization Services.
Share and Enjoy
--
Quinn "The Eskimo!" <http://www.apple.com/developer/>
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden