So the recent discussion of Taskgated has me wondering how to fix a problem.
Basically: Taskgated has the job of restricting access to task ports to permit
security on mach. When a program wants to go from unix Pid to mach port, this
now has to be verified by taskgated.
Taskgated has been more strict than I would like.
I am running 10.9.5. The most common failures are with jvisualvm not working,
and this would make a perfectly good example case.
How do I tell taskgated to permit jvisualvm to always "pass", and rely on
userid and/or effective ID of root as permitted?
The manual for taskgated says:
-s Allow signed applications marked as "safe" to have free access to
task ports, without
having to pass an authorization check. Note that such callers
must be marked both
allowed and safe.
How you go about signing stuff is ... most definitely NOT well explained, and I
have never managed to find anything for how end users can sign an executable
(only how developers can sign a bundle.)
What's the solution?
_______________________________________________
MacOSX-talk mailing list
[email protected]
https://www.omnigroup.com/mailman/listinfo/macosx-talk
