[launchd-dev] SMJobBless & secure launched helper tool

[Eric Gorr]

On Oct 3, 2011, at 12:22 PM, Quinn The Eskimo! wrote:

> In general I recommend that you avoid trying to check whether your helper tool is installed correctly by looking at the file system.  Rather, do an IPC to the tool and, if it works, you know that everything is hunky dory.  If you're concerned about version numbers, have an IPC request to ask the helper tool for its version.  If that fails, or returns a low version, you then know that you need to go through the installation process.
> 
> Look at how I handle this in BetterAuthorizationSample.  While it doesn't use SMJobBless (one day, one day...), the basic strategy is correct IMO.
> 
> <http://developer.apple.com/library/mac/samplecode/BetterAuthorizationSample/>


Thank you for the reply.

Ok, so if I understand you correctly, you are saying:
(This is the primary item I want to be clear on…should launching the SMJobBless sample app cause a request for an admin password every time?)

The SMJobBless sample application is correctly written and there should be an admin password request for every launch.

Since asking for a password, with every application launch, is annoying for the user when the helper tool is already there and functioning correctly, you are also saying:

It is up to the programmer to check the version number of the installed helper tool and call the SMJobBless function if necessary. The proper way to obtain the version number of the tool is to send the tool a message and have it reply with it's version number. If a connection to the tool cannot be made, call SMJobBless. If it responds with a different version number then the one expected, call SMJobBless.


Thank you!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/launchd-dev/attachments/20111003/fe47867e/attachment.html>