Re: Authenticated communication between KEXT and a userland client
Delivered-To: darwin-kernel@lists.apple.com

Well, yes I can do that and in fact I guess I'll just end up with that but I had hoped to run my client with less privileges.

I've thought of a few things involving either two way communication between the kext and client, or scenarios where the kext solely examines the client and makes a decision based on that, in short I've not been successful as I can subvert every scheme I've thought of, sucks to be me. Perhaps what I want just isn't possible.

What I wanted:
- kext and client (not running as root) communicating
- prevent a deliberate wrong client from connecting

So do you generally keep the client privileged and in the kext you assume that a privileged client is to be trusted? I'm fine with that assumption but I'd really prefer not running my client in the context of root.

On Thu, Aug 20, 2009 at 10:13 AM, <Sudarshan_Swamy@mcafee.com> wrote:
It is possible to restrict socket access only to user land client running in root’s context. Is that what you are looking for?
-Sudarshan
On 19/08/09 8:42 PM, "Michael Smith" <drivers@mu.org> wrote:
On Aug 19, 2009, at 6:10 AM, Andreas Guðmundsson wrote:
Hi, I have a kext and a userland client communicating with sockets. Now I'd like to be sure that I'm communicating with the correct client so I want the kext to authenticate the client. How can this be done properly?
Andreas,
Before it's possible to give you a useful answer, you need to explain what you mean by the "correct client".
Do you want to prevent an accidental wrong client, or are you trying to ensure that a deliberate wrong client won't be able to use your interface?
= Mike
-- Ars longa, vita brevis, occasio praeceps, experimentum periculosum, iudicium difficile -- Hippocrates