So the Mach/XNU system that Mac OS is based on has a potentially big security 
hole: if you can get the task port of a task, you can do things to it.

So, Apple put security features on get_task_for_pid, and put taskgated in 
charge of it.

And Apple-supplied debuggers, such as GDB, are blessed and can get task ports.

But jvisualvm comes from Oracle with each new release of Java, and does not get 
that blessing.

Now, according to the man page, the answer is to sign the bundle that your tool 
is in.

     -s       Allow signed applications marked as "safe" to have free access to task ports, without having to
              pass an authorization check. Note that such callers must be marked both allowed and safe.

It also mentions this:

     system.privilege.taskport  Authorization right used to check access of allowed (but not safe) callers.

Now, signing: everything that I've seen on signing is about signing a bundle. 
Jvisualvm is not a bundle; it is a flat Java program. 

So, is there a way to make the Java system executable blessed so that Java 
debuggers can get the task port of a Java program?

---
Entertaining minecraft videos
http://YouTube.com/keybounce
