Re: task_for_pid and host_processor_set_priv failing on Yosemite 10.10.5

3 Jun 2016

      Hi Quinn,
I don't want to run as root but if I do run as root, it runs fine.  the big picture is I'm wanting to insert my code into
the third party app so I can monitor its events.  Then when certain events occur, respond to them.   I know how to
monitor events and to setup the responders, I just can't seem to get past these APIs when I'm not a root user from
what I can tell.  I'm wondering if in the original example if I was doing something inherently wrong?  I was basically
following the steps presented by the man taskgated .

GC
...
-------Original Message-------
 From: Quinn The Eskimo! <eskimo1@apple.com>
 To: Apple Darwin Kernel list <darwin-kernel@lists.apple.com>
 Subject: Re: task_for_pid and host_processor_set_priv failing on Yosemite 10.10.5
 Sent: Jun 03 '16 08:39
On 3 Jun 2016, at 13:29, Gordo Cath <ds@y23.org> wrote:
...
I would have though the nvram kext-dev-mode=1 would have let me past that?  or does that flag not work for
applications?
`kext-dev-mode` is only relevant to KEXTs.
...
So in one case i started the first process, a true 64 bit process from my userid.   and the second process is my
own custom 64 bit application.   However the first process is third party, as I do not have access to their source.
What’s the high-level goal here?  What is your process trying to do to this other process?
                   *                   *                   *
It seems to me that you’re approaching this from a traditional UNIX perspective, where all processes owned by a
particular user are essentially equal.  This is not true on Darwin because all of our platforms require us to protect app A
from app B even though A and B are run by the same user.  This is central to all iOS-based platforms, but it also
applies to OS X when you consider sandboxing.
In some cases you can bypass this restriction by running as root but even that’s not guaranteed.  Consider this:
$ sw_vers
 ProductName:	 Mac OS X
 ProductVersion:	 10.11.5
 BuildVersion:	 15F34
 $ sudo lldb
 Password: ********
 (lldb) process attach -n Finder
 error: attach failed: cannot attach to process due to System Integrity Protection
System Integrity Protection on 10.11 and later prevents `task_for_pid` from targeting certain processes even if it’s
called as root.
Share and Enjoy
 --
 Quinn "The Eskimo!"                    <http://www.apple.com/developer/>
 Apple Developer Relations, Developer Technical Support, Core OS/Hardware
_______________________________________________
 Do not post admin requests to the list. They will be ignored.
 Darwin-kernel mailing list      (Darwin-kernel@lists.apple.com)
 Help/Unsubscribe/Update your Subscription:
 https://lists.apple.com/mailman/options/darwin-kernel/ds%40y23.org
This email sent to ds@y23.org

Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list      (Darwin-kernel@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists....

This email sent to site_archiver@lists.apple.com

Gordo Cath

tags

participants (1)