site_archiver@lists.apple.com Delivered-To: darwin-kernel@lists.apple.com On May 4, 2006, at 1:04 PM, Matt Ginzton wrote: #include <sys/wait.h> #define PATH_TO_KEXT "/usrlocal/bin/mykext" /* or wherever... */ ... int status; status = system("/sbin/kextload " PATH_TO_KEXT); if (WIFEXITED(status)) { /* kextload exited normally */ if (WEXITSTATUS(status) == 0) { /* and the KEXT was successfully loaded */ .... } else { /* handle the error and quit */ } } else { /* handle the error and quit */ } /* Do my success thing here... */ ... -- Terry _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.a... int result = execlp("kextload", "kextload", "<path to my kext>" (char *)0); this does load the kext but exists my daemon program, I am guessing because of what the documentation says that it replaces the current process image with the new process image. The normal Unix way of doing this is a combination of fork, exec, and wait. Fork creates a separate process, in which you can exec kextload, and then the parent process waits for the child to exit. Alternately, the fork()/exec()/wait() is encapsulated for you as well, if you use the system() library routine. Using execlp() is not necessarily the best approach: it exec's a binary using the PATH lookup, which means someone could force your application to run malicious code as root by changing the PATH environment variable so that their trojan, also named "kextload", is the first "kextload" it sees and executes. If you have to do this, for simplicity (safety) sake, I would recommend using an absolute path, and the simplest method that would let you check the failure of the kextload command, e.g.: NB: You can be marginally faster by unrolling the function to avoid the use of the shell interpreter by system(); however safety should not be impacted by this, since the path to the shell is hard-coded in libc, and the "-c" argument makes it ignore the circumvention points that would otherwise be in effect if you did it yourself and forgot the "-c". This email sent to site_archiver@lists.apple.com