[launchd-dev] Binding an individual user's agent to a privileged port

Hamish Allan hamish at gmail.com
Mon Jan 28 06:27:05 PST 2008


On Jan 28, 2008 11:30 AM, Quinn <eskimo1 at apple.com> wrote:
> launchd agents are managed by the per-user launchds.  Those launchds
> have irrevocably dropped all privileges.  Thus, there's no way for
> them to be able to bind to a privileged port on your behalf.

Good news for security. Bad news for my purposes!

On Jan 28, 2008 11:30 AM, Quinn <eskimo1 at apple.com> wrote:
> At 22:23 +0000 23/1/08, Hamish Allan wrote:
>>As far as I can tell, there are two ways of demonstrating to launchd
>>that you have the authority to perform privileged operations such as
>>binding to a port < 1024: putting a plist file in /Library/Launch*, or
>>running launchctl sudo.
>
> I believe you mean "/Library/LaunchDaemons" and not
> "/Library/Launch*".  The latter would include agents (in
> "/Library/LaunchAgents"), which are restricted as I've described
> above.

FWIW, I *did* mean /Library/Launch*: putting a file in
/Library/LaunchAgents does demonstrate that you have the *authority*
to perform privileged operations (because its permissions are the same
as those of /Library/LaunchDaemons), but the architecture of launchd
prevents this from being translated into actual privileges.

On Jan 28, 2008 11:30 AM, Quinn <eskimo1 at apple.com> wrote:
> btw These two mechanisms are fundamentally the same.
>
> o When you put a file in "/Library/LaunchDaemons", it is consulted by
> the root launchd at system startup.
>
> o When you run launchctl using sudo, it always talks to the root launchd.
>
> Thus, in both cases the launchd job gets loaded into the root
> launchd, which is the only one capable of binding to privileged ports.

Aha. Makes sense. Good to know.

Thanks,
Hamish
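
The rule described in this thread, as an added example that is not part of the original messages: a Python check that reads launchd job plists and reports which `Sockets` entries request a port below 1024, and whether the directory the plist sits in means the root launchd or a per-user launchd would load it. The job labels, program path and sample plists are constructed for illustration; only numeric `SockServiceName` values are checked (service names are not resolved).

```python
import plistlib
from pathlib import PurePosixPath

def privileged_ports(job):
    """Yield each numeric port below 1024 requested in the job's Sockets key."""
    for spec in job.get("Sockets", {}).values():
        # A Sockets value is either one dictionary or an array of dictionaries.
        for entry in spec if isinstance(spec, list) else [spec]:
            service = str(entry.get("SockServiceName", ""))
            if service.isdigit() and int(service) < 1024:
                yield int(service)

def audit(path, data):
    """Return (label, port, verdict) for every privileged port in one plist."""
    job = plistlib.loads(data)
    where = PurePosixPath(path).parent.name
    if where == "LaunchDaemons":
        # Loaded into the root launchd, which can bind privileged ports.
        verdict = "root launchd can bind"
    elif where == "LaunchAgents":
        # Loaded by a per-user launchd, which has dropped all privileges.
        verdict = "per-user launchd cannot bind"
    else:
        verdict = "unknown location"
    return [(job.get("Label"), port, verdict) for port in privileged_ports(job)]

def sample(label, port):
    """Build a constructed job plist (not taken from any real system)."""
    return plistlib.dumps({
        "Label": label,
        "ProgramArguments": ["/usr/local/bin/exampled"],  # hypothetical path
        "Sockets": {"Listeners": {"SockServiceName": str(port)}},
    })

# Constructed sample input: path -> plist bytes.
SAMPLES = {
    "/Library/LaunchDaemons/com.example.web.plist": sample("com.example.web", 80),
    "/Library/LaunchAgents/com.example.agent.plist": sample("com.example.agent", 80),
    "/Library/LaunchAgents/com.example.high.plist": sample("com.example.high", 8080),
}

if __name__ == "__main__":
    for path, data in SAMPLES.items():
        for finding in audit(path, data):
            print(path, finding)
```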

