yep it's fairly right, but there are some threads on this question elsewhere

On Sat, Oct 11, 2008 at 9:23 PM, Todd Heberlein <todd_heberlein@mac.com> wrote:
Double-clicking an app will cause launchd to fork and start the process. On Leopard posix_spawn is used to start the new process. E.g.
Looking at the launchd source code, it looks like it sets the appropriate audit mask *before* calling posix_spawn().
So is it possible that posix_spawn() doesn't create an audit record? This seems challenging... there may be no way to identify in the audit trail the name of a program started with launchd (?). This will make security auditing difficult.
Todd
_______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/openspecies%40gmail.com
This email sent to openspecies@gmail.com
-- -mmw
participants (1)
-
mm w