site_archiver@lists.apple.com Delivered-To: darwin-dev@lists.apple.com _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.appl... On Aug 15, 2007, at 7:24 PM, Terry Lambert wrote: We hide system calls so someone unscrupulous does not overwrite their entry points with jump instructions to their own code, perhaps thinking that we do not change locking or other implementations details in software updates. If you need to trap and/or prevent this type of operation for legitimate reasons, use kauth instead. How is that going to prevent any unscrupulous people from hooking into the kernel? I'm baffled. An unscrupulous person most likely doesn't care at all if his code runs with the next software update. By the time the next software update comes around, he already did his key-logging, ran his daemons and potentially completely compromised the system. Do we *really* need to send a feature request to harden the security on the kernel and provide a truly authorized KPI for legitimate patches? This email sent to site_archiver@lists.apple.com