Re: Kern ext. message "An item in the Startup Items folder...Fix"
John,

I don't think it's that simple.

I think you'll find that a lot of third party drivers, especially authors of kernel extensions that need to participate in the boot process or driver matching will install their kernel extension in /System/Library/Extensions. In fact, in "I/O Kit Device Driver Design Guidelines" under "Packaging Drivers for Installation" you'll see a note talking about creating a package to install your kernel extension in /System/Library/Extensions (see <http://developer.apple.com/documentation/DeviceDrivers/Conceptual/WritingDeviceDriver/index.html>)

I can't find any Apple documentation indicating that third parties should not install their kernel extensions in /System/Library/Extensions. Yes, /System is Apple owned, but I think this is an exception to that rule.

As well Startup Items are deprecated on 10.4. (see <http://developer.apple.com/technotes/tn2005/tn2083.html>)

Alain needs to decide where his extension needs to be installed.

I think if his extension needs to run every time the machine boots and he sets up the appropriate matching information then /System/Library/Extensions is reasonable, but perhaps there is some other requirement to his extension that I don't know about and loading from somewhere else makes sense.

-- Cliff

On 6-Feb-06, at 7:28 PM, John Davidorff Pell wrote:

> It's not a dumb question to someone who doesn't know the answer, but the answer is simple: Apple owns /System. No third party should ever install anything in /System. A startup script to load an external kext is the correct way to load a kext at startup.
>
> JP
>
> On 6 Feb 2006, at 10:32, Cliff Russell wrote:
>
>> Alain,
>>
>> This may be a dumb question with a clever answer but, if your startup script looks like this:
>>
>> #!/bin/sh
>> /sbin/kextload /Library/StartupItems/MyKern/MyKern.kext
>>
>> then it seems like you want your KEXT to be loaded every time the machine boots. If that's the case, why don't you put your KEXT in /System/Library/Extensions? There are a couple circumstances where it makes sense to not put your kernel extension in /S/L/E, but to me this doesn't seem to be one of them.
>>
>> -- Cliff
>>
>> On 6-Feb-06, at 1:28 AM, Stephane Sudre wrote:
>>
>>> On 4 févr. 06, at 17:47, Peter Lovell wrote:
>>>
>>>> On Feb 4, 2006, at 8:00 AM, Alain Birtz wrote:
>>>>
>>>>> After the restart Mac OS X sends this message dot thef the kernel extension myKern "An item in the Startup Items folder ("/Library/StartupItems/myKern") does not have the proper security settings." Options are to "Disable" or "Fix" (or "Decide Later" to change nothing). The permission, owner and group of the kernel extension files seem exactly the same after and before the "Fix". Do I miss something?
>>>>
>>>> Hi Alain,
>>>>
>>>> I had thought, actually, that "Fix" was no longer an option.
>>>>
>>>> The general rules for kexts are that all items be owned by root:wheel (uid:gid is 0:0) and that nothing be writable except by root. That usually translates to mode 755 for directories and 644 for files.
>>>
>>> Starting with 10.4, I think every file/folder within the StartupItems folder needs to be owned by root:wheel, not just the kext. Someone probably realized the main security flaw was not with kexts but with startup scripts...
>
> ----
> It's all fun and games 'til someone writes to a NULL pointer!
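A check for the ownership and permission rule quoted in the thread (everything owned by root:wheel, nothing writable except by root), as an added example that is not part of the original messages. The function name `audit_bundle` and its optional uid/gid arguments are assumptions of this example; they default to 0:0.

```sh
#!/bin/sh
# Added example: audit a startup item or kext bundle against the rule
# quoted in the thread: every entry owned by root:wheel (0:0) and
# nothing writable by group or others.
#
# Usage: audit_bundle PATH [UID] [GID]
#   e.g. audit_bundle /Library/StartupItems/MyKern
#
# Prints each offending entry, one per line.
# Returns 0 if the tree is clean, 1 if anything was flagged,
# 2 if PATH does not exist.
# UID and GID default to 0; they can be overridden only so the check
# can be exercised on a scratch tree without root (assumption of this
# example, not something the thread describes).
audit_bundle() {
    path=$1
    want_uid=${2:-0}
    want_gid=${3:-0}

    [ -e "$path" ] || {
        echo "audit_bundle: $path: no such file or directory" >&2
        return 2
    }

    # Symlinks are skipped: their own mode bits are not meaningful.
    # An entry is flagged if it has the wrong owner, the wrong group,
    # or the group-write (020) or other-write (002) bit set.
    bad=$(find "$path" ! -type l \( \
            ! -user "$want_uid" -o \
            ! -group "$want_gid" -o \
            -perm -020 -o \
            -perm -002 \) -print)

    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}
```

Because it walks the whole tree, the check covers the startup script and any plist alongside the kext, not only the kext bundle itself.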
participants (1)
-
Cliff Russell