site_archiver@lists.apple.com Delivered-To: darwin-dev@lists.apple.com On Oct 3, 2008, at 8:02 PM, Damien Sorresso wrote: - Jordan _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.appl... The pref pane includes a setuid helper application that does proper authorization, etc. Your privileged operations should be done in your daemon. We heavily discourage the use of setuid tools, and we're actively trying to cleanse the system of them. Just so I understand what you're advocating here... Are you seriously suggesting that the entire daemon should be privileged rather than using a privilege-separated helper tool? That seems to run counter to generally accepted security practices (make privileged things as small as possible), so I must be mis-parsing your recommendations here... This email sent to site_archiver@lists.apple.com