• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Current active login session
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Current active login session

  • Subject: Re: Current active login session
  • From: Antoine Missout <email@hidden>
  • Date: Mon, 23 Aug 2010 10:08:23 -0400
Nevermind, I'm guessing we could make it so the daemon confirms with the user by using the Authorization Services API.
Thanks for all the questions, comments and answers.
- Antoine



On Aug 23, 2010, at 8:06 AM, Antoine Missout wrote:

> What about the status menu item, which in our agent currently allows the user to temporarily disable rules?
>
> - Antoine
>
>
>
> On Aug 23, 2010, at 5:11 AM, Quinn The Eskimo! wrote:
>
>>
>> On 20 Aug 2010, at 14:34, Antoine Missout wrote:
>>
>>> We police network connection in a similar manner to Little Snitch. Network connections can be either denied, allowed, or up to the user to decide in an interactive manner.
>>
>> Ultimately this boils down to a question of trust.  You want to be able to trust that the actual user, not some bogus software running inside the user's context, is answering your questions.  This presents a real difficulty:
>>
>> o only user-level software is allowed to talk to the GUI
>>
>> o user-level software can be subverted
>>
>> You can resolve this paradox using the Authorization Services API.  This allows your daemon to request authorisation for some operation ("allow this TCP connection?", for example) and have the UI that asks that question run in a trusted GUI environment that's not under the control of the user (the SecurityAgent process).  The mechanics of making this work are going to be a little tricky.  You will almost certainly need an authorisation plug-in to run your GUI.  You're also going to need something in the user's context that checks in and out with your daemon.
>>
>> S+E
>> --
>> Quinn "The Eskimo!"                    <http://www.apple.com/developer/>
>> Apple Developer Relations, Developer Technical Support, Core OS/Hardware
>>
>>
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Darwin-kernel mailing list      (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>>
>> This email sent to email@hidden
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Darwin-kernel mailing list      (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >Current active login session (From: Antoine Missout <email@hidden>)
 >Re: Current active login session (From: "Quinn \"The Eskimo!\"" <email@hidden>)
 >Re: Current active login session (From: Antoine Missout <email@hidden>)
 >Re: Current active login session (From: "Quinn \"The Eskimo!\"" <email@hidden>)
 >Re: Current active login session (From: Antoine Missout <email@hidden>)
 >Re: Current active login session (From: "Quinn \"The Eskimo!\"" <email@hidden>)
 >Re: Current active login session (From: Antoine Missout <email@hidden>)
 >Re: Current active login session (From: "Quinn \"The Eskimo!\"" <email@hidden>)
 >Re: Current active login session (From: Antoine Missout <email@hidden>)

  • Prev by Date: Re: Current active login session
  • Next by Date: Re: Synchronous communication for Antivirus application.
  • Previous by thread: Re: Current active login session
  • Next by thread: Re: Current active login session
  • Index(es):
    • Date
    • Thread