On Jan 28, 2008 11:30 AM, Quinn <eskimo1@apple.com> wrote:

launchd agents are managed by the per-user launchds. Those launchds have irrevocably dropped all privileges. Thus, there's no way for them to be able to bind to a privileged port on your behalf.

Good news for security. Bad news for my purposes! On Jan 28, 2008 11:30 AM, Quinn <eskimo1@apple.com> wrote:

At 22:23 +0000 23/1/08, Hamish Allan wrote:

...

As far as I can tell, there are two ways of demonstrating to launchd that you have the authority to perform privileged operations such as binding to a port < 1024: putting a plist file in /Library/Launch*, or running launchctl sudo.

I believe you mean "/Library/LaunchDaemons" and not "/Library/Launch*". The latter would include agents (in "/Library/LaunchAgents"), which are restricted as I've described above.

FWIW, I *did* mean /Library/Launch*: putting a file in /Library/LaunchAgents does demonstrate that you have the *authority* to perform privileged operations (because its permissions are the same as those of /Library/LaunchDaemons), but the architecture of launchd prevents this from being translated into actual privileges. On Jan 28, 2008 11:30 AM, Quinn <eskimo1@apple.com> wrote:

btw These two mechanism are fundamentally the same.

o When you put a file in "/Library/LaunchDaemons", it is consulted by the root launchd at system startup.

o When you run launchctl using sudo, it always talks to the root launchd.

Thus, in both cases the launchd job gets loaded into the root launchd, which is the only one capable of binding to privileged ports.

Aha. Makes sense. Good to know. Thanks, Hamish