Re: Looking for an explanation on this CoreFoundation "feature"

FROM : Chris Kane
DATE : Wed Jan 01 05:20:33 2003

CFMessagePort doesn't implement any privilege or security policies of
its own.  Only the ones inherent to Mach ports and the naming
(bootstrap) server and its namespaces would be in effect.

I've never heard of this, but it's possible something changed in the
bootstrap server to close some security hole.  (One can imagine being
able to send messages to a root-running server could be used to cause
trouble.  But why only some and not all is mysterious.)  You could
probably test this with raw Mach port APIs (mach_port_allocate,
bootstrap_register in a setuid process that just blocks with sleep()
after the register; bootstrap_lookup in another process, run both as
root and as a user, and see what happens).

Chris Kane
CoreFoundation, Apple


On Monday, December 23, 2002, at 02:37 AM, Stiphane Sudre wrote:

> Does someone know why in 10.2, when you launch a process as root (not
> at boot time) you can't communicate with it using Message Ports because
> you're not able to get the CFMessagePortRef attached to the root
> process?
>
> My personal opinion on this (since I didn't find any good explanation
> in the release notes, the documentation) is that this is terribly lame
> since it prevents me from debugging this root process.
>
> This was working fine in 10.1 and it stopped working in 10.2 without
> any explanation.
>
> Now it's only working for boot time on 10.2
> _______________________________________________
> cocoa-dev mailing list | <email_removed>
> Help/Unsubscribe/Archives:
> http://www.lists.apple.com/mailman/listinfo/cocoa-dev
> Do not post admin requests to the list. They will be ignored.
_______________________________________________
cocoa-dev mailing list | <email_removed>
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.