On Jan 3, 2006, at 8:31 AM, matt jaffa wrote:

> I have an NKE project that needs a user space daemon to be running to get information back from the user. I have this working and everything, and have a daemon launched for each individual user that runs the program. I have my user space daemon with these privileges, 4755, which means the setuid bit is set for my daemon executable so that it can elevate itself to perform a process id lookup. My question is what does Apple/Security feel about my application having the setuid bit set?

Matt,

Firstly, many thanks for picking a sensible architecture for your application.

I'm a little confused about "perform a process id lookup" though. What are you trying to do, and what specific interface(s) are you using that require privilege?

As a general rule, having your daemon run setuid inside the user's environment is discouraged.

= Mike

_______________________________________________
Darwin-kernel mailing list (Darwin-kernel@lists.apple.com)