site_archiver@lists.apple.com Delivered-To: darwin-kernel@lists.apple.com -- Terry Hi Jacques, but it's so far in the future, the needs are now not in next release of the system, imagine if you say the same thing on another list about a wonderful open-system, you have to wait the next release of the whole operating system to correct this, it's non-sense Cheers! On Oct 11, 2008, at 9:23 PM, Todd Heberlein wrote: _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.a... There are a couple of easy answers on this, but you are not going to like them: (1) Fix the problem and build your own kernel. Submit the patches back to Apple to increase the probability that things will be fixed the way you want them fixed. (2) Common Criteria Auditing is narrowly defined by use model; as long as you don't use it outside the model, it remains valid. For system components shipped by a vendor, existing behaviour is technically allowed. Outside that, well, choose to use code paths involving execve () rather than posix_spawn(). Do not expect a "hot fix" for already released code, and do not any fix whatsoever unless you file a bug report through the proper channels, rather than posting on a mailing list. On Oct 13, 2008, at 10:04 AM, mm w <openspecies@gmail.com> wrote: On Mon, Oct 13, 2008 at 9:44 AM, Jacques Vidrine <nectar@apple.com> wrote: Double-clicking an app will cause lauchd to fork and start the process. One Leopard posix_spawn is used to start the new process. E.g. Looking at the launchd source code, it looks like it sets the appropriate audit mask *before* calling posix_spawn(). So is it possible that posix_spawn() doesn't create an audit record? This seems challenging... there may be no way to identify in the audit trail the name of a program started with launchd (?). This will make security auditing difficult. It is likely that there are some launchd code paths which do not result in setting the audit mask before invoking posix_spawn(). There is significant remediation and enhancement work happening in this area for Snow Leopard. This email sent to site_archiver@lists.apple.com