llvm-project

Commit Graph

Author	SHA1	Message	Date
Han Ming Ong	b9c53daa55	<rdar://problem/11400476> On Lion, because the rights initially doesn't exist in /etc/authorization, if an admin user logs in and uses lldb within the first 5 minutes, it is possible to do AuthorizationCopyRights on LaunchUsingXPCRightName and get the rights back. As another security measure, we make sure that the LaunchUsingXPCRightName rights actually exists. Removed Xcode as the user of the XPC service to shrink the security surface area. llvm-svn: 156424	2012-05-08 21:35:52 +00:00
Han Ming Ong	2ee44a1e38	<rdar://11033946> Made sure that the root XPC service validate the right before starting the service. The right is created and authenticated by clients (in this case, lldb) and transferred over for validiation. llvm-svn: 152802	2012-03-15 15:37:50 +00:00

Author

SHA1

Message

Date

Han Ming Ong

b9c53daa55

<rdar://problem/11400476>

On Lion, because the rights initially doesn't exist in /etc/authorization, if an admin user logs in and uses lldb within the first 5 minutes, it is possible to do AuthorizationCopyRights on LaunchUsingXPCRightName and get the rights back. As another security measure, we make sure that the LaunchUsingXPCRightName rights actually exists.

Removed Xcode as the user of the XPC service to shrink the security surface area.

llvm-svn: 156424

2012-05-08 21:35:52 +00:00

Han Ming Ong

2ee44a1e38

<rdar://11033946>

Made sure that the root XPC service validate the right before starting the service. The right is created and authenticated by clients (in this case, lldb) and transferred over for validiation.

llvm-svn: 152802

2012-03-15 15:37:50 +00:00

2 Commits