site_archiver@lists.apple.com Delivered-To: darwin-dev@lists.apple.com I've traced that to this code: -==- Jack Repenning jackrepenning@tigris.org Project Owner SCPlugin http://scplugin.tigris.org "Subversion for the rest of OS X" _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.appl... I'm a bit unsure if this is the right list -- sorry if not -- but the archives are well populated with related stuff, so I'm encouraged, yet not quite this stuff, so I ask: My program (a Finder plug-in, actually) works fine in Tiger, but logs messages like this in Leopard: 11/30/07 2:45:55 PM SCPluginUIDaemon[14305] *** CFMessagePort: bootstrap_register(): failed 1100 (0x44c) 'Permission denied', port = 0x3d03, name = 'org.tigris.scfinderplugin.overlaymessage' See /usr/include/servers/bootstrap_defs.h for the error codes. 11/30/07 2:45:55 PM com.apple.launchd[145] (0x111000.SCPluginUIDaemo[14305]) Check-in of Mach service failed. PID 14305 is not privileged: org.tigris.scfinderplugin.overlaymessage gMessagePort = CFMessagePortCreateLocal (NULL, CFSTR(kSCPlugin_OverlayMessagePort), SCOverlayMessageCallback, &context, NULL); The program misbehaves in user-visible ways as well (sometimes fails to badge Finder icons), which I suspect are caused by this situation, since that's what this port is all about. It's a fairly decent message, as messages go: I think I grok a fair bit about what it's telling me (short form, "you can't do that"). Since it works in Tiger, it appears the security bar was raised in Leopard (a good thing in general, I suppose). But what's not clear to me is, what do I do about this? I'm legit! How do I prove that? Must I transform my program into a set-uid? Is there another communication technique I should be using in order to avoid the need to become All Powerful? The process is a sort of a daemon: that is, it's an autonomous, faceless process (not formally a daemon, no monkey shines with I/O streams or process groups or identity). It's launched by side effect when Finder first materializes its contextual menu; hence, it has the same identity as Finder, which is to say "whoever you are." We have an ordinary Finder contextual menu plug-in as well, which does that launching thing, and then chats with the daemon over this port. We've considered (for other reasons) rearranging the daemon into a LaunchDaemon/Agent ... has that time now come, is that the only way out of these woods? This email sent to site_archiver@lists.apple.com