site_archiver@lists.apple.com Delivered-To: darwin-dev@lists.apple.com Hi Garth, On 7/31/06 at 3:30 PM, gcummings@apple.com (Garth Cummings) wrote:

Hi Jeffrey,

On Jul 31, 2006, at 3:19 PM, Jeffrey Johnson wrote:

...

We're making a universal binary of an app that calls task_for_pid () on PPC to gather cputime statistics on demand for its child processes and displays the stats in a window in a ps-like fashion. (We retrieved the source for ps and found the task_for_pid () call).

Alas, task_for_pid has gone privileged on Intel, and since ps is SUID root, I assume ps is still using task_for_pid. But we can't, since we're not (and don't want to be) run as root.

If you want to get your current code to work, the recommended way to do this is to factor out the stuff that has to run privileged into a separate setuid root tool. Take a look at "Performing Privileged Operations with Authorization Services" for details:

<http://developer.apple.com/documentation/Security/Conceptual/ authorization_concepts/index.html>.

More info can be found via the Security topic page:

<http://developer.apple.com/security>.

Thanks, but this seems like overkill just to get CPU stats for processes we own. We don't require any authorization dialogs anywhere (drag across install) and some of our customers are in some, ah, slighly paranoid environments where a third party SUID-root tool would put us at a disadvantage because they'd have to spend resources auditing the tool (and our competitors don't have any such tools to audit). We may have to end up shelling out to ps on intel boxes... Thanks Jeffrey Johnson Macintosh Development Wavefunction, Inc. _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.appl... This email sent to site_archiver@lists.apple.com