| Måns Rullgård 2005-06-14, 5:57 pm |
| SM Ryan <wyrmwif@tango-sierra-oscar-foxtrot-tango.fake.org> writes:
> =?iso-8859-1?q?M=E5ns_Rullg=E5rd?= <mru@inprovide.com> wrote:
>
> # What are the "windowserver" and the "Process Manager"?
>
> Macs are unix too. Finally. More or less. Sometimes MacOSX experts
> hang out on comp.unix.programmer,
>
> If you're really interested, the windowserver is the Aqua equivalent,
> roughly, to an X-Windows server. The Process Manager is sort of like
> the init of a process sub-hierarchy within the unix process hierarchy.
> Daemonic activities like cron and Apache are outside that hierarchy
> and denied access to some useful services.
That doesn't sound like a very Unix way of doing things.
> # A SIGBUS is caused by some kind of invalid memory access. It could be
> # an unaligned access, or an access to an invalid address (more invalid
> # than unmapped). I can't say why this would happen only when running
> # setuid.
>
> The only importance of the uid is that it means the connection to
> the windowserver is supposed to permitted; you have to be root or a
> logged in user. If the process remained running as www or nobody
> the connection is denied.
That appears to me as a rather bad design, from a security point of
view. It encourages running process with more privileges than would
strictly be necessary.
> The source code is closed so I can't debug it myself.
Sometimes you can still be able to find out what instruction caused an
error, and what address it was trying to access.
> Unfortunately some useful MacOSX services are tied to the
> windowserver even when the display and keyboard are not needed.
Yuck.
--
Måns Rullgård
mru@inprovide.com
|