On 5 June 08 at 10:30, Graham.Lee@sophos.com wrote:

darwin-dev-bounces+graham.lee=sophos.com@lists.apple.com wrote on 2008-06-05 09:26:08:

http://developer.apple.com/releasenotes/Security/RN-CodeSigning/

"[…]unsigned code will not be allowed to execute the task_for_pid(3) system call unless it is running as root."

Cheers,
Graham.

Oh, when I run this with sudo, it works well.

And I found this comment in /private/etc/authorization:

Used by task_for_pid(...). Task_for_pid is called by programs requesting full control over another program for things like debugging or performance analysis. This authorization only applies if the requesting and target programs are run by the same user; it will never authorize access to the program of another user.

But why did task_for_pid() still fail even though it is the same user? How can gdb work without sudo?

I just want to implement a tool to collect some information about my application.

As taskgated is launched using the -p argument (according to the corresponding launchd property list), using the Tiger way should work too, and does not require that you sign the code (i.e., a process with a primary effective group of procmod or procview is allowed to get task ports).
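The rules quoted in this thread, modeled as a small audit check (an added example, not code from the thread or from Apple): it reads a launchd property list to see whether taskgated is started with -p and reports the expected outcome for a caller. The sample plist, its label, the group name staff used in testing, and the function names are constructed for illustration, and the decision logic covers only the statements made above.

```python
import plistlib

# Constructed sample of a launchd property list for taskgated (not copied
# from a real system); only the -p argument is taken from the thread.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.example.taskgated</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/libexec/taskgated</string>
        <string>-p</string>
    </array>
</dict>
</plist>
"""

LEGACY_GROUPS = {"procmod", "procview"}  # groups named in the thread


def legacy_group_policy_enabled(plist_bytes):
    """Return True if the job's ProgramArguments include the -p option."""
    job = plistlib.loads(plist_bytes)
    args = job.get("ProgramArguments", [])[1:]  # skip the executable path
    # Short options may be clustered into one argument, so look inside each.
    return any(a.startswith("-") and not a.startswith("--") and "p" in a[1:]
               for a in args)


def task_port_decision(euid, egid_name, code_signed, plist_bytes):
    """Model the rules stated in the thread; returns (outcome, reason)."""
    if euid == 0:
        return "allow", "running as root"
    if legacy_group_policy_enabled(plist_bytes) and egid_name in LEGACY_GROUPS:
        return "allow", "primary effective group %s with -p" % egid_name
    if code_signed:
        # Signed callers are left to the same-user authorization rule.
        return "authorization", "signed code, decided by the authorization rule"
    return "deny", "unsigned, not root, no procmod/procview group"
```

On a real system, pass the bytes of the taskgated launchd property list instead of SAMPLE_PLIST.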