[launchd-dev] UserName ignored on per-user LaunchAgents

[Nathan Duran]

On Dec 5, 2007, at 9:51 AM, Quinn wrote:

> At 9:31 -0800 5/12/07, Nathan Duran wrote:
>> I'm afraid I don't understand what is meant by the term "external  
>> form" here. Are you suggesting that the authorization API be used  
>> to prevent rogue applications from utilizing the IPC services  
>> vended by the daemon?
>
> For a concrete illustration of this, check out the recently released  
> BetterAuthorizationSample.
>
> <http://developer.apple.com/samplecode/BetterAuthorizationSample/index.html 
> >
>
> Share and Enjoy

I finally had a chance to sit down and look over this, and while I  
think it may be a great approach for an application which needs to  
perform certain tasks as root on an ongoing basis, I don't think it's  
a privileged operations panacea, however secure it may be.

In particular, it strikes me as overkill to litter /Library and /var  
with support files and dance around with complicated launchd IPC  
maneuvers at times when all I need to do is create a keychain item or  
install a trusted root certificate as part of a larger software  
installation. Things like this are usually run once before they're  
thrown away, and since something's going to have to ask for permission  
to write all those root-owned plists out anyway, might as well get it  
over with right then and there the old fashioned AEWP/setuid way.

Cool stuff, but I unfortunately can't replace any of the helper tools  
I've got with it. The asl_log() thing sounds interesting, though. What  
list should I complain about the lack of documentation/evangelization  
for that on? I didn't even know it existed.