Quinn "The Eskimo!" wrote:
Let’s see if I understand this properly:

* You have a daemon, A, running as root.

* That daemon fork/exec's a helper tool, B.

* B switches its effective user ID to that of some user.

Just to be clear, B is a SetUID executable, so its effective UID is set during launch ... but yes, the code is running with UID=0, EUID=501.

* B has mysterious problems.

If this is accurate, it’s not a huge surprise.  B is running in a parlous 
environment, because half of its context has been switched to that of the user 
but half of its environment has been inherited from the daemon.  It’s not 
uncommon for weird problems to crop up in that case. For example, have fun 
accessing the keychain from B (-:

That's kind of what I thought, but I figured it didn't hurt to ask. And yes, I've already run into the keychain issue. :(

Is B running as a role account user?  Or an actual user?

It's a real user. The sole purpose of this process is to collect user-perspective metadata for filesystem items (custom icon, localized display name, etc.) on behalf of a second process running as root.

Question: I now have a second system daemon (which I created to support XPC communications). This one is a bit special because its launchd properties include the <key>UserName</key> so the process executes as the user that installed it. Does the UserName key "do the right thing" and set up a system daemon's environment/context as the user, thus giving me the context I'm looking for?

James
_______________________________________________
launchd-dev mailing list
launchd-dev@lists.macosforge.org
https://lists.macosforge.org/mailman/listinfo/launchd-dev
