site_archiver@lists.apple.com Delivered-To: darwin-kernel@lists.apple.com Well, that is the fundamental problem. launchd is seriously broken on 10.4.x. It attempts to launch gui agents in non-gui sessions. The only option left is a log-in item. I can make an app to keep up my agent in place of launchd, but it doesn't get run as root, so it's vulnerable. o Running a GUI program as root is /strongly/ discouraged. o Vulnerable to what, exactly? Share and Enjoy -- Quinn "The Eskimo!" <http://www.apple.com/developer/> Apple Developer Relations, Developer Technical Support, Core OS/Hardware _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.a... At 23:28 -0700 17/8/07, Eric Long wrote: I think you're mixing up what launchd will do. By definition an agent is running on behalf of a particular user, and thus doesn't run as root. Also: o Authorization Services already has an architecture for running GUI-oriented security code as a trusted user that is not run (uid 92, "securityagent"). This is the user that displays the standard authorisation dialogs, and that's one of the many reasons we recommend that you do authorisation via Authorization Services. This email sent to site_archiver@lists.apple.com