• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Executing an application
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Executing an application

  • Subject: Re: Executing an application
  • From: "Greg Miller" <email@hidden>
  • Date: Fri, 10 Oct 2008 16:11:23 -0700


On Fri, Oct 10, 2008 at 2:24 PM, Todd Heberlein <email@hidden> wrote:
Apple recently updated its BSM audit trail for Leopard (i.e., made it work), but there is one thing that I find strange that maybe someone can help me with: When launching an application from the dock (or finder), there is no exec() system call. Does Apple launch its application by some other means?

For example, clicking on Safari on the dock (and with all audit records turned on), there is no exec() or equivalent system call in the audit trail. However, the binary file is read() in. For example, there is a

stat()          /Applications/Safari.app/Contents/MacOS/Safari
open()  /Applications/Safari.app/Contents/MacOS/Safari
close() /Applications/Safari.app/Contents/MacOS/Safari

but no exec() type operation on the file.

Is this because, despite the "all" flag set for audit, the appropriate exec() actually is *not* audited?
Can the open() for reading somehow be doing the exec()?

If I launch the application in a shell by typing in the full path above in the , I do see an exec system call. Anyone know what the story is? Should I file a bug report with Apple?

Double-clicking an app will cause lauchd to fork and start the process. One Leopard posix_spawn is used to start the new process. E.g.

$ sudo dtrace -n 'syscall::posix_spawn: / execname == "launchd" / { trace(pid); trace(copyinstr(arg1)) }' 
# The click something in the Dock...
dtrace: description 'syscall::posix_spawn: ' matched 2 probes
CPU     ID                    FUNCTION:NAME
  1  18084                posix_spawn:entry     17049  /Applications/iCal.app/Contents/MacOS/iCal

HTH,
G~

 


Thanks,

Todd

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden



--
Greg Miller
email@hidden
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: Executing an application
      • From: Todd Heberlein <email@hidden>
References: 
 >xnu-1228.7.58 build failure (From: Michael Reeves <email@hidden>)
 >Re: xnu-1228.7.58 build failure (From: Shantonu Sen <email@hidden>)
 >Re: xnu-1228.7.58 build failure (From: nawcom <email@hidden>)
 >Re: xnu-1228.7.58 build failure (From: Michael Reeves <email@hidden>)
 >Re: xnu-1228.7.58 build failure (From: Michael Reeves <email@hidden>)
 >Re: xnu-1228.7.58 build failure (From: William Siegrist <email@hidden>)
 >Re: xnu-1228.7.58 build failure (From: Michael Reeves <email@hidden>)
 >Executing an application (From: Todd Heberlein <email@hidden>)

  • Prev by Date: Re: Executing an application
  • Next by Date: Re: Executing an application
  • Previous by thread: Re: Executing an application
  • Next by thread: Re: Executing an application
  • Index(es):
    • Date
    • Thread