Re: SSH_ASKPASS does not allow to use NSConnection?!
- Subject: Re: SSH_ASKPASS does not allow to use NSConnection?!
- From: "Quinn \"The Eskimo!\"" <email@hidden>
- Date: Mon, 3 Oct 2011 10:31:33 +0100
On 3 Oct 2011, at 08:00, [ChungwaSoft] Fabian Jäger wrote:
> I found out that the whole problem has something to do with NSConnection over mach ports, which is not possible between different user spaces.
That's likely. When you use DO via the "registered name" API, the name gets registered and looked up in the Mach bootstrap namespace. Technote 2083 "Daemons and Agents" discusses that issue in depth.
<http://developer.apple.com/library/mac/#technotes/tn2005/tn2083.html>
The executive summary is that you can't connect 'up' the stack. That is, you can have user code connect to daemon code, but not the other way around.
> A workaround would be to use UNIX domain sockets or even NSConnection over TCP/IP for IPC. Is there any preferred way of doing this?
You can create a connection from an NSSocketPort, and that lets you create it using either TCP or UNIX domain sockets. If you search the docs for creating a connection over TCP, it's easy to see how to convert it to UNIX domain sockets.
However, I strongly recommend against using DO in a situation like this. DO has numerous problems on current systems, but the important one, the one that can't just be fixed as a bug, relates to security. DO is based on object archiving and de-archiving, and that's extremely risky if you're crossing security domains, as explained in the "Archiving and Unarchiving Data In Mac OS X" section of the "Secure Coding Guide".
<http://developer.apple.com/library/mac/#documentation/Security/Conceptual/SecureCodingGuide/Articles/ValidatingInput.html#//apple_ref/doc/uid/TP40007246-SW10>
S+E
--
Quinn "The Eskimo!" <http://www.apple.com/developer/>
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
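
Added example, not part of the original message and not Apple's code: if the IPC is moved to UNIX domain sockets, the archiving risk described above is avoided by exchanging a small fixed-format frame and validating every field, instead of unarchiving objects received from the other security domain. The frame layout and the names `MSG_ASKPASS`, `MAX_PROMPT`, `parse_request` and `roundtrip` are hypothetical, chosen for illustration.

```c
/* Added example: hypothetical frame format, not from the original message. */
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define MSG_ASKPASS 1     /* only request type this listener accepts (assumed) */
#define MAX_PROMPT  256   /* hard cap on payload size (assumed) */

/* Frame: [type:1][len:2, big-endian][payload:len]. Returns 0 if valid, else -1.
 * The payload is copied out as plain bytes; nothing in it selects a class,
 * a selector or any other code path, unlike an unarchived object graph. */
int parse_request(const uint8_t *buf, size_t n, char *prompt, size_t cap)
{
    size_t len, i;
    if (n < 3 || buf[0] != MSG_ASKPASS) return -1;
    len = ((size_t)buf[1] << 8) | buf[2];
    if (len != n - 3) return -1;              /* declared length must match */
    if (len == 0 || len > MAX_PROMPT || len >= cap) return -1;
    for (i = 0; i < len; i++)                 /* printable ASCII only */
        if (buf[3 + i] < 0x20 || buf[3 + i] > 0x7e) return -1;
    memcpy(prompt, buf + 3, len);
    prompt[len] = '\0';
    return 0;
}

/* Sends one frame across an AF_UNIX socketpair, reads it on the far end
 * until EOF or the buffer is full, and validates what arrived. */
int roundtrip(const uint8_t *frame, size_t n, char *prompt, size_t cap)
{
    int sv[2];
    uint8_t buf[3 + MAX_PROMPT + 1];          /* one spare byte exposes oversize */
    size_t got = 0;
    ssize_t r;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    if (write(sv[0], frame, n) != (ssize_t)n) { close(sv[0]); close(sv[1]); return -1; }
    close(sv[0]);
    while (got < sizeof buf && (r = read(sv[1], buf + got, sizeof buf - got)) > 0)
        got += (size_t)r;
    close(sv[1]);
    return parse_request(buf, got, prompt, cap);
}

int main(void)
{
    /* Constructed sample frame: type 1, length 9, "Password:" */
    const uint8_t ok[] = {1, 0, 9, 'P','a','s','s','w','o','r','d',':'};
    char prompt[64];
    return roundtrip(ok, sizeof ok, prompt, sizeof prompt);
}
```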