Terry Lambert writes:
load: mydriver.kext
	sudo chown -R root:wheel mydriver.kext
	(sudo kextload -s . -r . mydriver.kext; sudo chown -R $(USER):wheel mydriver.kext)
You might want to do the chown before you try loading it, or the first time will always fail...
? I do..
The only drawback is that the NFS fs must be exported with root=0 to avoid running into the bug that requires kexts be owned by root:wheel.
That's a feature, not a bug. The intent is to make it impossible for third parties to demand-load a KEXT that does malicious things behind your back, without you first granting explicit authorization during the install by typing your admin password. If it were not this way, it'd be trivial to compromise your machine from a shell account.
It is a bug. If I, as root, explicitly request that a KEXT be loaded, it should darned well be loaded no matter who owns it. I assume that by "demand loading", you mean automagically loading a KEXT as a dependency? I agree that there should be security checks on that, but they shouldn't apply to an explicit kextload issued by root.
And compile up your own copy that removes this restriction. I recommend that you do not do this; if you do it anyway, I recommend you do not give people shell access to the modified machine.
I don't think I'd even want to give people shell access to an *unmodified* mac, based on the recently publicised security contest (http://www.zdnet.com.au/news/security/soa/Mac_OS_X_hacked_in_less_than_30_mi...).

Drew
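
The root:wheel ownership rule discussed in this thread can be checked before calling kextload, so a refused load is explained rather than guessed at. The function below is an added example, not part of the thread and not Apple's kextload code; audit_kext and its optional UID/GID arguments are hypothetical names, and the group/world-writable test is an extra hardening check beyond the ownership rule the thread mentions.

```shell
#!/bin/sh
# Added example: pre-load audit of a kext bundle's ownership and write bits.
#
# audit_kext BUNDLE [UID] [GID]
#   UID/GID default to 0:0 (root:wheel on Mac OS X). They are parameters only
#   so the check can be exercised on a scratch copy without root.
# Returns 0 if every entry is owned by UID:GID and is not writable by group
# or other, 1 if any entry violates that, 2 if BUNDLE is unusable.
#
# Usage: audit_kext mydriver.kext && sudo kextload mydriver.kext
audit_kext() {
    bundle=$1
    want_uid=${2:-0}
    want_gid=${3:-0}

    # A symlinked bundle root would make find audit the link, not the target.
    if [ -L "$bundle" ]; then
        echo "bundle is a symlink: $bundle" >&2
        return 2
    fi
    if [ ! -d "$bundle" ]; then
        echo "not a bundle directory: $bundle" >&2
        return 2
    fi

    # Collect every entry with the wrong owner or group, plus every
    # non-symlink entry that group or other may write to. Symlinks are
    # exempt from the mode test because their mode bits are not enforced.
    bad=$(find "$bundle" \( ! -user "$want_uid" -o ! -group "$want_gid" \
              -o \( ! -type l \( -perm -020 -o -perm -002 \) \) \) -print)

    if [ -n "$bad" ]; then
        echo "not owned by $want_uid:$want_gid, or group/world-writable:" >&2
        echo "$bad" >&2
        return 1
    fi
    return 0
}
```
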