[launchd-dev] UserName ignored on per-user LaunchAgents

James Bucanek subscriber at gloaming.com
Wed Dec 5 09:38:38 PST 2007

Nathan Duran <mailto:launchd at khiltd.com> wrote (Wednesday, 
December 5, 2007 10:31 AM -0800):
>I'm afraid I don't understand what is meant by the term "external
>form" here. Are you suggesting that the authorization API be used to
>prevent rogue applications from utilizing the IPC services vended by
>the daemon?

Hey, a question I can answer. :)

When you authenticate a user, you get an authorization reference 
which can then be passed to various Authorization API functions 
to do stuff.

However, authorization references cannot be passed between 
processes. To obtain an authorization (like in a GUI app) and 
pass that to another process for it to use (like a deamon or 
faceless helper) you must convert the authorization ref into an 
"external form", which is just an opaque data blob that 
encapsulates the authorization. You then pass that data blob to 
the other process, which then turns the "external" form of the 
authorization back into a usable authorization ref.

James Bucanek

More information about the launchd-dev mailing list