At 22:23 +0000 23/1/08, Hamish Allan wrote:
Is it possible for a user agent to be bound to a privileged port?
No. Take a look at Figure 3 in TN2083.

<http://developer.apple.com/technotes/tn2005/tn2083.html#FIGLAUNCHTREE>

launchd agents are managed by the per-user launchds. Those launchds have irrevocably dropped all privileges. Thus, there's no way for them to be able to bind to a privileged port on your behalf.

At 22:23 +0000 23/1/08, Hamish Allan wrote:
As far as I can tell, there are two ways of demonstrating to launchd that you have the authority to perform privileged operations such as binding to a port < 1024: putting a plist file in /Library/Launch*, or running launchctl sudo.
I believe you mean "/Library/LaunchDaemons" and not "/Library/Launch*". The latter would include agents (in "/Library/LaunchAgents"), which are restricted as I've described above.

btw These two mechanisms are fundamentally the same.

o When you put a file in "/Library/LaunchDaemons", it is consulted by the root launchd at system startup.

o When you run launchctl using sudo, it always talks to the root launchd.

Thus, in both cases the launchd job gets loaded into the root launchd, which is the only one capable of binding to privileged ports.

S+E
--
Quinn "The Eskimo!" <http://www.apple.com/developer/>
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
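
An added example, not part of the original message: a launchd property list that, when installed in "/Library/LaunchDaemons", is loaded into the root launchd, which then binds the privileged port on the job's behalf. The label, program path, port number and the optional UserName value are placeholders chosen for illustration; the keys are the ones documented in launchd.plist(5).

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
    "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!-- Hypothetical path: /Library/LaunchDaemons/com.example.privport.plist
     The same file under /Library/LaunchAgents would be handled by a
     per-user launchd, which cannot bind ports below 1024. -->
<plist version="1.0">
<dict>
    <!-- Placeholder job label -->
    <key>Label</key>
    <string>com.example.privport</string>

    <!-- Placeholder server binary -->
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/libexec/privport-server</string>
    </array>

    <!-- Optional and only honoured by the root launchd: run the job as
         an unprivileged account. "_www" is an assumed account name. -->
    <key>UserName</key>
    <string>_www</string>

    <!-- launchd creates and binds this socket itself, so the job
         receives an already-bound descriptor instead of calling
         bind() with root privileges. -->
    <key>Sockets</key>
    <dict>
        <key>Listeners</key>
        <dict>
            <!-- Constructed sample value: a port below 1024 -->
            <key>SockServiceName</key>
            <string>80</string>
            <key>SockType</key>
            <string>stream</string>
        </dict>
    </dict>
</dict>
</plist>
```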