site_archiver@lists.apple.com Delivered-To: darwin-kernel@lists.apple.com Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:from:date:message-id :subject:to:content-type; bh=qvL8odqj1Cwfaj/c/IC7AED4qZbpSONDZ5L/B45uHew=; b=lDpkTLpYiKpUtz/m06u25txVc0LLaXw+8uOfOmTkwGVJ450IjfajK76VRN1CWwpuDu QTGbonkQ67XxCuLhZBb7uSgWoNt6ltRtIHyPtcRloulPTqF/trlC7Arb+qJTZhc//UkV i6pHImspaQcYQj+7TDawUsmBaH5nftUyLUI3M= Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:from:date:message-id:subject:to:content-type; b=a+okp3H6VIYGE9KTf6l6Y8x+QAjRKpcDHF66nCkEX1BvxuAmAwGb2q3QlY315Hn87F ERfcFigZJRB1s0MXX3bNbbAVSQk6lLRjI1f9jM6H9HPntvURqxHF+YULIUpSlVWOjFlH pOCgcu4osU+f3EynW61BKFCENrm0iF7rODtEU= Hey list, After exhausting all other options, I've determined that I need to write a KEXT that will take advantage of the Kauth KPIs, which will tighten the security around a specific process and its children. The KEXT will be loaded by a daemon process, which will then register itself with the KEXT as the process needing protection. My problem is that of robustness: should the daemon crash, ideally the KEXT would notice and tear down the resources that it held. Unfortunately I'm not sure it's possible for a KEXT to be notified when a process exits. I'm pretty certain it's impossible using the BSD kernel KPIs, but perhaps there's a way with the Mach ones? Thanks for any insight! David _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.a... This email sent to site_archiver@lists.apple.com