-
Notifications
You must be signed in to change notification settings - Fork 55
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Programmatically elevate privileges for writes #2
Comments
Update
"The reason why AEWP was deprecated is because it's whole security model is hopelessly broken. That makes providing a drop-in replacement somewhat pointless, in that it would just add back in the broken security." -via Apple dev forums The new recommended approach it seems is to write a privileged helper thats invoked via For more see:
|
TODO: See SFAuthorization, may be of use |
Closing this for now. Consensus at this time is to simply leave this to the client, which as mentioned before is not unreasonable. Keeps SMCKit code clean, and in any non-trivial situation, client would want to handle auth anyway since its sensitive. For all other cases, trivial ones that is, |
As a followup on this, with 10.11's new System Integrity Protection feature, things are getting lockdown further, reinforces the point that its up to the client to handle privileges. I'm not even sure that privileged helpers will work either anymore. Tracking this in beltex/dshb#27 |
Writing to the SMC requires root (
setFanRPM()
for example). Currently, this is done by simply running the process as root (sudo
). Instead we want to do this programmatically, prompting the user for privileges (credentials).See "Elevating Privileges Safely" Apple doc.
The text was updated successfully, but these errors were encountered: