site_archiver@lists.apple.com Delivered-To: darwin-dev@lists.apple.com On 6 Mar 2019, at 15:42, Sandor Szatmari <admin.szatmari.net@gmail.com> wrote:

So… one solution, that works, ;) is to chown root:wheel and chmod u+s. This gives the binary the privs it needs. But Apple’s binary in /usr/bin does not employ this solution. I thought maybe I could sign it with my dev cert and go that route. But not sure what/how to configure. If nothing better comes along I can at least do this.

Apple’s version works by having the entitlement com.apple.private.network.reserved-port, which AFAIK only works if the code signature on the binary belongs to Apple (otherwise it’d be a massive security hole). I think third-party software probably has to run as root in order for rresvport() to work. Kind regards, Alastair. -- http://alastairs-place.net _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.app... This email sent to site_archiver@lists.apple.com