site_archiver@lists.apple.com Delivered-To: darwin-dev@lists.apple.com On Aug 15, 2007, at 11:45 PM, Matt Burnett wrote: = Mike _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.appl... As has clearly been articulated in both this thread and many others preceding, this has nothing to do with security. It is a matter of providing sustainable interfaces to developers and techniques for managing situations where interfaces have to change in a graceful fashion. I think the preceding threads prove my point that there is a demand from the development community to provide kernel hooks even if the interface is volatile. That there are demands is clear. The significance of these demands is open to debate, and the DTS folks are probably in the best position to comment on that, as they deal with Apple's developer community on a daily basis. It's not unreasonable to assume that you aren't the first person to raise these issues, and perhaps it would help for you to understand more fully how things have reached the point they are currently at. If Apple doesn't provide one, then that makes me think they dont want to because it could destroy the user expierence with kernel panics. You could read the several justifications offered in this thread and others by engineers that have worked on, or are still working on, the issues, rather than guessing. You are of course welcome to remain uninformed, but it doesn't help your case. The downside to that is, if Apple doesn't provide a regulated but liberal interface into the kernel the developers will create their own. With my proposed plan at least gives the user fair warning, whereas the present solution requires me to hook it manually, leaving the possibility i would never inform the user of the hook and the resulting panics being perceived by the user to be Apple's fault. A sensible developer with care for their customers would not do this. If you have a need for an interface that the system doesn't expose, your first stop should be with DTS or the Apple engineers on this list, and you would need to realise that you're not the only stakeholder in the game. If you can't do what you want in the way that you think you should, perhaps you need to look for a different way, or perhaps you need to accept that it cannot be done... Terry did say that "We hide system calls so someone unscrupulous..." can't hook them. The act of hiding something from a unscrupulous person directly implies the act of hiding to be a security measure, see my first reply to him for a definition of unscrupulous. Whilst that may well be a definition of the term, you have incorrectly interpreted what Terry was attempting to communicate. This email sent to site_archiver@lists.apple.com