Re: Executing an application
Re: Executing an application
- Subject: Re: Executing an application
- From: Todd Heberlein <email@hidden>
- Date: Sat, 11 Oct 2008 21:23:39 -0700
Double-clicking an app will cause lauchd to fork and start the
process. One Leopard posix_spawn is used to start the new process.
E.g.
Looking at the launchd source code, it looks like it sets the
appropriate audit mask *before* calling posix_spawn().
So is it possible that posix_spawn() doesn't create an audit record?
This seems challenging... there may be no way to identify in the audit
trail the name of a program started with launchd (?). This will make
security auditing difficult.
Todd
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden