[launchd-dev] UserName ignored on per-user LaunchAgents
Kevin Van Vechten
kvv at apple.com
Wed Dec 5 18:49:02 PST 2007
On Dec 5, 2007, at 5:02 PM, Nathan Duran wrote:
> On Dec 5, 2007, at 2:50 PM, Kevin Van Vechten wrote:
>
>> Absolutely. Helper tools require a setuid executable bit to be
>> set; they're also inherently less secure -- every environment
>> variable used by every library linked against is a potential source
>> of attack. Launch-on-demand helpers start from a clean
>> environment, avoiding this class of vulnerabilities.
>
> I get that, but I'm talking about what the user sees on their
> screen, not the under-the-hood stuff they know nothing about.
I believe the dialog presented is the same in both cases.
- Kevin
More information about the launchd-dev
mailing list