diff --git a/tools/generate_dump.ad b/tools/generate_dump.ad index 3521f612..36b14d5f 100644 --- a/tools/generate_dump.ad +++ b/tools/generate_dump.ad @@ -40,10 +40,11 @@ it will be generated from a live running process, not as a result of an exception occurring. This program uses +task_for_pid()+ to access the process’ task port. This -operation may be restricted to use by the superuser or processes permitted by -taskgated(8). Consequently, this program must normally be invoked by root. It is -possible to install this program as a setuid root executable to overcome this -limitation. +operation may be restricted to use by the superuser, executables signed by an +authority trusted by the system, and processes otherwise permitted by +taskgated(8). Consequently, this program must normally either be signed or be +invoked by root. It is possible to install this program as a setuid root +executable to overcome this limitation. This program is similar to the gcore(1) program available on some operating systems. diff --git a/tools/mac/exception_port_tool.ad b/tools/mac/exception_port_tool.ad index d781a417..cf7af74f 100644 --- a/tools/mac/exception_port_tool.ad +++ b/tools/mac/exception_port_tool.ad 
@@ -92,10 +92,11 @@ with process id 'PID' instead of the current task associated with the tool. When this option is supplied, 'COMMAND' must not be specified. + This option uses +task_for_pid()+ to access the process’ task port. This -operation may be restricted to use by the superuser or processes permitted by -taskgated(8). Consequently, this program must normally be invoked by root to use -this option. It is possible to install this program as a setuid root executable -to overcome this limitation. +operation may be restricted to use by the superuser, executables signed by an +authority trusted by the system, and processes otherwise permitted by +taskgated(8). Consequently, this program must normally either be signed or be +invoked by root to use this option. It is possible to install this program as a +setuid root executable to overcome this limitation. *-h*, *--show-host*:: Shows the original host exception ports before making any changes requested by diff --git a/tools/mac/sectaskaccess_info.plist b/tools/mac/sectaskaccess_info.plist new file mode 100644 index 00000000..faebead9 --- /dev/null +++ b/tools/mac/sectaskaccess_info.plist @@ -0,0 +1,12 @@ + + + + + CFBundleInfoDictionaryVersion + 6.0 + SecTaskAccess + + allowed + + + diff --git a/tools/tools.gyp b/tools/tools.gyp index 9a1119ac..98010b38 100644 --- a/tools/tools.gyp +++ b/tools/tools.gyp 
@@ -15,6 +15,33 @@
 {
 'conditions': [
 ['OS=="mac"', {
+ 'variables': {
+ # Programs that use task_for_pid() can indicate to taskgated(8) in their
+ # Info.plist that they are allowed to call that function. In order for
+ # this to work, the programs in question must be signed by an authority
+ # trusted by the system. Signing is beyond the scope of the build, but
+ # the key to make this work is placed in Info.plist to enable the
+ # desired behavior once the tools that require this access are signed.
+ #
+ # The tools built here are flat-file executables, and are not bundled.
+ # To have an Info.plist, they must have a special __TEXT,__info_plist
+ # section. This section is created at link time.
+ #
+ # The Info.plist for this purpose is mac/sectaskaccess_info.plist and is
+ # referenced by OTHER_LDFLAGS. ninja runs the link step from the output
+ # directory such as out/Release, and requires a relative path from that
+ # directory. Xcode runs the link step from the directory of the
+ # .xcodeproj, which is the directory of the .gyp file.
+ 'conditions': [
+ ['GENERATOR=="ninja"', {
+ 'sectaskaccess_info_plist':
+ '../../tools/mac/sectaskaccess_info.plist',
+ }, { # else: GENERATOR!="ninja"
+ 'sectaskaccess_info_plist': 'mac/sectaskaccess_info.plist',
+ }],
+ ],
+ },
+
 'targets': [
 {
 'target_name': 'tool_support',
@@ -61,6 +88,14 @@
 'sources': [
 'mac/exception_port_tool.cc',
 ],
+ 'xcode_settings': {
+ 'OTHER_LDFLAGS': [
+ '-sectcreate',
+ '__TEXT',
+ '__info_plist',
+ '<(sectaskaccess_info_plist)'
+ ],
+ },
 },
 {
 'target_name': 'generate_dump',
@@ -79,6 +114,14 @@
 'sources': [
 'generate_dump.cc',
 ],
+ 'xcode_settings': {
+ 'OTHER_LDFLAGS': [
+ '-sectcreate',
+ '__TEXT',
+ '__info_plist',
+ '<(sectaskaccess_info_plist)'
+ ],
+ },
 },
 {
 'target_name': 'on_demand_service_tool',
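Review bot: The `'xcode_settings'` block added in the second and third hunks (exception_port_tool and generate_dump) repeats the same four-element `OTHER_LDFLAGS` list verbatim, so every further task_for_pid() user in this file would have to copy it again and any later change to the section flags must be made in several places. Since the first hunk already introduces a `'variables'` dict for the plist path, the flags could be defined there once, e.g. `'sectaskaccess_ldflags': ['-sectcreate', '__TEXT', '__info_plist', '<(sectaskaccess_info_plist)'],`, with each target using `'OTHER_LDFLAGS': ['<@(sectaskaccess_ldflags)'],` — assuming gyp expands the conditions-derived variable before this one, which should be checked. Separately, because the plist is only named inside an opaque linker flag, the build presumably has no dependency edge from the executables to mac/sectaskaccess_info.plist, so editing the plist (for example changing the SecTaskAccess value) would not trigger a relink; a comment noting this next to the `'conditions'` block, or declaring the file as an input where the generator supports it, would prevent a stale-binary surprise. The `'../../tools/mac/sectaskaccess_info.plist'` ninja path also hard-codes a two-level output directory such as out/Release, so a build with a different output depth would fail at link time; the comment's "such as out/Release" could say this is a requirement rather than an example.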