Executing an application
Executing an application
- Subject: Executing an application
- From: Todd Heberlein <email@hidden>
- Date: Fri, 10 Oct 2008 14:24:07 -0700
Apple recently updated its BSM audit trail for Leopard (i.e., made it
work), but there is one thing that I find strange that maybe someone
can help me with: When launching an application from the dock (or
finder), there is no exec() system call. Does Apple launch its
application by some other means?
For example, clicking on Safari on the dock (and with all audit
records turned on), there is no exec() or equivalent system call in
the audit trail. However, the binary file is read() in. For example,
there is a
stat() /Applications/Safari.app/Contents/MacOS/Safari
open() /Applications/Safari.app/Contents/MacOS/Safari
close() /Applications/Safari.app/Contents/MacOS/Safari
but no exec() type operation on the file.
Is this because, despite the "all" flag set for audit, the appropriate
exec() actually is *not* audited?
Can the open() for reading somehow be doing the exec()?
If I launch the application in a shell by typing in the full path
above in the , I do see an exec system call. Anyone know what the
story is? Should I file a bug report with Apple?
Thanks,
Todd
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden