site_archiver@lists.apple.com Delivered-To: darwin-kernel@lists.apple.com Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:cc:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=731k97JpypArtczK4xESZVdHPVEprGyO3kXB1azO6zU=; b=pcZbD3cJ2+ddPZV3rF66r4phIQG+7Bm/Q3WV5UBwAO//FuR5QY4aGp+aCOpZRS5vIB fM0h03wa7zu8lyGgqBZT7/hSM5nIb1hZPeP/iUlSTu3VxpMNYjS/Vq6Yy5JXR8S0eFZi OJVYjHp17t51OKQhvthc7czak018TN25b8sWQ= Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=NxFNGCh3cApPKJUeCRdqONQ2PYxqoyRqBxF1j/ioPrCCWKpzpbCb0RvjPbbYKdF21f kNaMocU5C0lQrMCPE3VutnyQv0/nxhZUAQOysASoe0yHtzk6QPT+G1tNqQaKhsi7YvEr jpLjDKwg9l72S1Q6uVHzjVkCfByexe8Y5Dvlc= Hi Jacques, but it's so far in the future, the needs are now not in next release of the system, imagine if you say the same thing on another list about a wonderful open-system, you have to wait the next release of the whole operating system to correct this, it's non-sense Cheers! On Mon, Oct 13, 2008 at 9:44 AM, Jacques Vidrine <nectar@apple.com> wrote:
On Oct 11, 2008, at 9:23 PM, Todd Heberlein wrote:
Double-clicking an app will cause lauchd to fork and start the process. One Leopard posix_spawn is used to start the new process. E.g.
Looking at the launchd source code, it looks like it sets the appropriate audit mask *before* calling posix_spawn().
So is it possible that posix_spawn() doesn't create an audit record? This seems challenging... there may be no way to identify in the audit trail the name of a program started with launchd (?). This will make security auditing difficult.
It is likely that there are some launchd code paths which do not result in setting the audit mask before invoking posix_spawn(). There is significant remediation and enhancement work happening in this area for Snow Leopard.
Cheers, -- Jacques
_______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/openspecies%40gmail.com
This email sent to openspecies@gmail.com
-- -mmw _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.a... This email sent to site_archiver@lists.apple.com
participants (1)
-
mm w