Re: Executing an application
Re: Executing an application
- Subject: Re: Executing an application
- From: "mm w" <email@hidden>
- Date: Mon, 13 Oct 2008 10:04:44 -0700
Hi Jacques, but it's so far in the future, the needs are now
not in next release of the system, imagine if you say the same thing
on another list about a wonderful open-system, you have to wait the
next release
of the whole operating system to correct this, it's non-sense
Cheers!
On Mon, Oct 13, 2008 at 9:44 AM, Jacques Vidrine <email@hidden> wrote:
> On Oct 11, 2008, at 9:23 PM, Todd Heberlein wrote:
>
>>> Double-clicking an app will cause lauchd to fork and start the process.
>>> One Leopard posix_spawn is used to start the new process. E.g.
>>
>> Looking at the launchd source code, it looks like it sets the appropriate
>> audit mask *before* calling posix_spawn().
>>
>> So is it possible that posix_spawn() doesn't create an audit record? This
>> seems challenging... there may be no way to identify in the audit trail the
>> name of a program started with launchd (?). This will make security auditing
>> difficult.
>
> It is likely that there are some launchd code paths which do not result in
> setting the audit mask before invoking posix_spawn(). There is significant
> remediation and enhancement work happening in this area for Snow Leopard.
>
> Cheers,
> --
> Jacques
>
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Darwin-kernel mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
>
--
-mmw
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden