> On 12 Jan 2017, at 23:59, Mark Hatle <mark.ha...@windriver.com> wrote:
> As far as I know pseudo and the security introduced in 10.11 that affect
> preloading is likely the biggest technical problem...  everything else is just
> "it's not Linux”.

With System Integrity Protection disabled, pseudo should still work as it did 
before, if that’s an acceptable step for you.

If it isn’t, Apple’s new limitations can also be worked around in pseudo by 
hooking the exec(2) and posix_spawn(2) syscalls, checking if the binary to be 
executed is under system integrity protection, making a copy without the 
SIP-bit if it is and transparently running that copy instead. That code would 
need to be written, though (Let me know if you want to do that, I have the code 
for a different project.). It’s probably only a matter of time until Apple 
prevents that from working, too, though, e.g. by making some standard system 
tools signed binaries that no longer load preloaded libraries.

Clemens Lang • Development Specialist
BMW Car IT GmbH • Lise-Meitner-Str. 14 • 89081 Ulm • http://bmw-carit.com
Geschäftsführer: Michael Würtenberger und Alexis Trolin
Sitz und Registergericht: München HRB 134810

yocto mailing list

Reply via email to