• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: cups
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cups

  • Subject: Re: cups
  • From: Prokash Sinha <email@hidden>
  • Date: Thu, 21 Dec 2017 11:33:10 -0800
I just tried on a native OS  10.13.N. The behavior I see is that the cups (
debug build with bonafide App signature , and using xattr -c cupsd on the debug
build ) it does not get loaded using Keep Alive ). As soon as I replaced with
the original one ( Apple signed ) it automatically gets loaded & running.

So I don’t know if this is really hardened or not.

Any hint ?

Thanks,
Prokash

> On Dec 21, 2017, at 8:42 AM, Prokash Sinha <email@hidden> wrote:
>
> Thanks much!
> SIP is always disabled on my test machine. I did basically did the some steps
> and I see sometime it is able to start the new cupsd debug binary, some other
> time it does not ( that I need to figure out ). Also after attaching it, I
> need to break into it. I put lots of Xcode break points, still not able to
> break into it. Somehow I’m missing something.
>
> Need to read more code paths …
>
> -Pro
>> On Dec 20, 2017, at 7:14 PM, nawcom <email@hidden> wrote:
>>
>> assuming you have system integrity protection disabled for /usr/sbin write
>> access, just rename the binary to something else (cupsd.orig) while it's
>> still running and place your compiled version in its place. then run "sudo
>> pkill cupsd" and when launchd attempts to restart its process (due to its
>> KeepAlive plist key) it'll be running your version in its place. you don't
>> necessarily need to have the program killed in order to modify or replace
>> its binary since you loaded it into memory by executing it.
>>
>>> On Dec 20, 2017, at 17:27, Prokash Sinha <email@hidden> wrote:
>>>
>>> Folks,
>>>
>>> How do I debug cupsd ?
>>>
>>> Basically I need to find some path of execution of the daemon.
>>>
>>> What I’m trying to do is to have a debug build from the Apple source, and
>>> replace it in /usr/sbin  after stoping the service first. Is this possible
>>> ? If so, then I can debug using Xcode.
>>>
>>> otherwise I will have to use lldb ( to attach to the process and look thru
>>> back traces of release code — harder approach !!
>>>
>>> Looking for a way to stop using launchctl command, replace the binary,
>>> restart.
>>>
>>> Thanks,
>>> Prokash
>>>
>>>
>>> _______________________________________________
>>> Do not post admin requests to the list. They will be ignored.
>>> Darwin-kernel mailing list      (email@hidden)
>>> Help/Unsubscribe/Update your Subscription:
>>>
>>> This email sent to email@hidden
>

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >cups (From: Prokash Sinha <email@hidden>)

  • Prev by Date: Re: cups
  • Previous by thread: Re: cups
  • Index(es):
    • Date
    • Thread