Re: Executing an application
- Subject: Re: Executing an application
- From: Terry Lambert <email@hidden>
- Date: Mon, 13 Oct 2008 10:47:50 -0700
There are a couple of easy answers on this, but you are not going to
like them:
(1) Fix the problem and build your own kernel. Submit the patches back
to Apple to increase the probability that things will be fixed the way
you want them fixed.
(2) Common Criteria Auditing is narrowly defined by use model; as long
as you don't use it outside the model, it remains valid. For system
components shipped by a vendor, existing behaviour is technically
allowed. Outside that, well, choose to use code paths involving execve() rather than posix_spawn().
Do not expect a "hot fix" for already released code, and do not expect any
fix whatsoever unless you file a bug report through the proper
channels, rather than posting on a mailing list.
-- Terry
On Oct 13, 2008, at 10:04 AM, mm w <email@hidden> wrote:
Hi Jacques, but it's so far in the future; the needs are now,
not in the next release of the system. Imagine if you said the same thing
on another list about a wonderful open system: you have to wait for the
next release of the whole operating system to correct this. It's nonsense.
Cheers!
On Mon, Oct 13, 2008 at 9:44 AM, Jacques Vidrine <email@hidden>
wrote:
On Oct 11, 2008, at 9:23 PM, Todd Heberlein wrote:
Double-clicking an app will cause launchd to fork and start the process.
On Leopard posix_spawn is used to start the new process. E.g.
Looking at the launchd source code, it looks like it sets the appropriate
audit mask *before* calling posix_spawn().
So is it possible that posix_spawn() doesn't create an audit record? This
seems challenging... there may be no way to identify in the audit trail the
name of a program started with launchd (?). This will make security auditing
difficult.
It is likely that there are some launchd code paths which do not result in
setting the audit mask before invoking posix_spawn(). There is significant
remediation and enhancement work happening in this area for Snow Leopard.
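The gap Todd and Jacques describe shows up in the audit trail as a process-start record that carries no program path. The following is an added example (not code from the thread, launchd, or Apple) that scans praudit-style text output for such records; the sample records are constructed, and the token layout and event names are assumed from praudit(1) text output.

```python
"""Flag process-start audit records that carry no program path.

Added example, not from the thread or from launchd. Assumes praudit(1)
text format: one token per line, comma-separated fields, each record
bracketed by a "header" token and a "trailer" token.
"""

# Constructed sample of praudit text output (hypothetical pids/paths).
# The second record is a posix_spawn(2) event with no "path" token, the
# situation described in the thread.
SAMPLE = """\
header,120,11,execve(2),0,Mon Oct 13 10:04:00 2008, + 12 msec
path,/usr/bin/true
subject,501,501,20,501,20,4242,100,0 0 0.0.0.0
return,success,0
trailer,120
header,96,11,posix_spawn(2),0,Mon Oct 13 10:04:01 2008, + 40 msec
subject,-1,0,0,0,0,4243,100,0 0 0.0.0.0
return,success,0
trailer,96
header,130,11,posix_spawn(2),0,Mon Oct 13 10:04:02 2008, + 55 msec
path,/Applications/Foo.app/Contents/MacOS/Foo
subject,501,501,20,501,20,4244,100,0 0 0.0.0.0
return,success,0
trailer,130
"""

# Event names assumed to match the audit_event names for these syscalls.
PROCESS_START_EVENTS = {"execve(2)", "posix_spawn(2)"}


def parse_records(text):
    """Group praudit token lines into records keyed by event, pid and paths."""
    records, current = [], None
    for line in text.splitlines():
        fields = line.split(",")
        token = fields[0]
        if token == "header":
            # header,<size>,<version>,<event>,<modifier>,<time>, + <msec> msec
            current = {"event": fields[3], "time": fields[5].strip(),
                       "paths": [], "pid": None}
        elif current is None:
            continue  # stray token outside a record
        elif token == "path":
            current["paths"].append(fields[1])
        elif token == "subject":
            # subject,<auid>,<uid>,<gid>,<ruid>,<rgid>,<pid>,<sid>,<tid>
            current["pid"] = int(fields[6])
        elif token == "trailer":
            records.append(current)
            current = None
    return records


def find_unattributed_starts(text, events=PROCESS_START_EVENTS):
    """Return process-start records that name no program path."""
    return [r for r in parse_records(text)
            if r["event"] in events and not r["paths"]]
```

Run against real `praudit` output, any record returned is a process launch the trail cannot attribute to a binary and is worth correlating with launchd's own logs.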
Darwin-kernel mailing list (email@hidden)