[launchd-dev] UserName ignored on per-user LaunchAgents
James Bucanek
subscriber at gloaming.com
Wed Dec 5 09:38:38 PST 2007
Nathan Duran <mailto:launchd at khiltd.com> wrote (Wednesday,
December 5, 2007 10:31 AM -0800):
>I'm afraid I don't understand what is meant by the term "external
>form" here. Are you suggesting that the authorization API be used to
>prevent rogue applications from utilizing the IPC services vended by
>the daemon?
Hey, a question I can answer. :)
When you authenticate a user, you get an authorization reference
which can then be passed to various Authorization API functions
to do stuff.
However, authorization references cannot be passed between
processes. To obtain an authorization (like in a GUI app) and
pass that to another process for it to use (like a daemon or
faceless helper) you must convert the authorization ref into an
"external form", which is just an opaque data blob that
encapsulates the authorization. You then pass that data blob to
the other process, which then turns the "external" form of the
authorization back into a usable authorization ref.
--
James Bucanek
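
Added example, not part of the original message and not the poster's or Apple's code: the round trip described above, with the client turning its authorization ref into an external form and the helper rebuilding a ref from the blob and checking the right itself before acting. The right name is hypothetical, and both sides run in one process here only so the sketch is self-contained; in real use the blob crosses whatever IPC channel the daemon vends.

```objective-c
// Build on macOS: clang example.m -framework Foundation -framework Security
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical right name, assumed for this example.
static const char *kExampleRight = "com.example.helper.do-task";

// Client side (e.g. the GUI app): serialize the authorization for IPC.
static NSData *MakeExternalAuthorization(AuthorizationRef auth) {
    AuthorizationExternalForm ext;
    if (AuthorizationMakeExternalForm(auth, &ext) != errAuthorizationSuccess)
        return nil;
    return [NSData dataWithBytes:&ext length:sizeof(ext)];
}

// Helper side (e.g. the daemon): rebuild the ref and check the right itself,
// rather than trusting that the sender was authorized.
static BOOL HelperIsAuthorized(NSData *blob) {
    // Reject anything that is not exactly one external form (nil gives 0).
    if (blob.length != sizeof(AuthorizationExternalForm)) return NO;

    AuthorizationRef auth = NULL;
    OSStatus err = AuthorizationCreateFromExternalForm(
        (const AuthorizationExternalForm *)blob.bytes, &auth);
    if (err != errAuthorizationSuccess) return NO;

    AuthorizationItem item = { kExampleRight, 0, NULL, 0 };
    AuthorizationRights rights = { 1, &item };
    // May prompt the user who owns the authorization session.
    err = AuthorizationCopyRights(auth, &rights, NULL,
        kAuthorizationFlagExtendRights | kAuthorizationFlagInteractionAllowed,
        NULL);
    AuthorizationFree(auth, kAuthorizationFlagDefaults);
    return err == errAuthorizationSuccess;
}

int main(void) {
    @autoreleasepool {
        AuthorizationRef auth = NULL;
        if (AuthorizationCreate(NULL, NULL, kAuthorizationFlagDefaults, &auth)
                != errAuthorizationSuccess)
            return 1;
        NSData *blob = MakeExternalAuthorization(auth);
        // In real use, blob is sent to the helper process at this point.
        BOOL ok = HelperIsAuthorized(blob);
        NSLog(@"helper decision: %@", ok ? @"authorized" : @"denied");
        AuthorizationFree(auth, kAuthorizationFlagDefaults);
        return ok ? 0 : 2;
    }
}
```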