generate_dump, exception_port_tool: set SecTaskAccess allowed.

This adds an Info.plist to these two tools that use task_for_pid().
Since they’re flat unbundled executables, the Info.plist must be placed
as a __TEXT,__info_plist section.

By setting SecTaskAccess to allowed and signing these tools with a
certificate trusted by the system, they will be allowed to use
task_for_pid() without requiring the invoking user to be root. This
provides an alternative to installing these tools as setuid root.

R=rsesek@chromium.org

Review URL: https://codereview.chromium.org/822533002
Mark Mentovai 2014-12-30 14:27:58 -05:00
parent f4ec7ba590
commit 3ee6566051
4 changed files with 65 additions and 8 deletions


@ -40,10 +40,11 @@ it will be generated from a live running process, not as a result of an
exception occurring. exception occurring.
This program uses +task_for_pid()+ to access the process task port. This This program uses +task_for_pid()+ to access the process task port. This
operation may be restricted to use by the superuser or processes permitted by operation may be restricted to use by the superuser, executables signed by an
taskgated(8). Consequently, this program must normally be invoked by root. It is authority trusted by the system, and processes otherwise permitted by
possible to install this program as a setuid root executable to overcome this taskgated(8). Consequently, this program must normally either be signed or be
limitation. invoked by root. It is possible to install this program as a setuid root
executable to overcome this limitation.
This program is similar to the gcore(1) program available on some operating This program is similar to the gcore(1) program available on some operating
systems. systems.
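Review bot: The rewritten sentence "must normally either be signed or be invoked by root" reads as if any signature is enough, while the sentence before it and the commit message require a signature from an authority trusted by the system, combined with the SecTaskAccess key in the embedded Info.plist. Suggest repeating "signed by an authority trusted by the system" in that sentence and adding that the build embeds the key but does not sign the binary, so the reader knows which step is left to them. The closing setuid root sentence could also say that signing is the alternative that avoids running the tool as root.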


@ -92,10 +92,11 @@ with process id 'PID' instead of the current task associated with the tool. When
this option is supplied, 'COMMAND' must not be specified. this option is supplied, 'COMMAND' must not be specified.
+ +
This option uses +task_for_pid()+ to access the process task port. This This option uses +task_for_pid()+ to access the process task port. This
operation may be restricted to use by the superuser or processes permitted by operation may be restricted to use by the superuser, executables signed by an
taskgated(8). Consequently, this program must normally be invoked by root to use authority trusted by the system, and processes otherwise permitted by
this option. It is possible to install this program as a setuid root executable taskgated(8). Consequently, this program must normally either be signed or be
to overcome this limitation. invoked by root to use this option. It is possible to install this program as a
setuid root executable to overcome this limitation.
*-h*, *--show-host*:: *-h*, *--show-host*::
Shows the original host exception ports before making any changes requested by Shows the original host exception ports before making any changes requested by
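Review bot: The last sentence of the changed paragraph still offers setuid root installation without comparing it to the new signed path, and for this tool the difference matters because the same paragraph shows it can also be run with a 'COMMAND'. The text does not say whether a setuid install would run that command with elevated privileges or drop them first. Suggest stating that explicitly, or recommending the signed path and describing setuid root as a fallback.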


@ -0,0 +1,12 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>SecTaskAccess</key>
<array>
<string>allowed</string>
</array>
</dict>
</plist>
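Review bot: The new plist has no comment, so nothing in the file itself says that it is meant to be linked into flat executables as a __TEXT,__info_plist section, or that SecTaskAccess only takes effect once the binary is signed by an authority trusted by the system; that explanation lives only in the .gyp file. An XML comment above <key>SecTaskAccess</key> covering both points would help whoever edits this file later. It is also worth recording there that the file is shared by generate_dump and exception_port_tool, so any key added to it applies to both tools.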


@ -15,6 +15,33 @@
{ {
'conditions': [ 'conditions': [
['OS=="mac"', { ['OS=="mac"', {
'variables': {
# Programs that use task_for_pid() can indicate to taskgated(8) in their
# Info.plist that they are allowed to call that function. In order for
# this to work, the programs in question must be signed by an authority
# trusted by the system. Signing is beyond the scope of the build, but
# the key to make this work is placed in Info.plist to enable the
# desired behavior once the tools that require this access are signed.
#
# The tools built here are flat-file executables, and are not bundled.
# To have an Info.plist, they must have a special __TEXT,__info_plist
# section. This section is created at link time.
#
# The Info.plist for this purpose is mac/sectaskaccess_info.plist and is
# referenced by OTHER_LDFLAGS. ninja runs the link step from the output
# directory such as out/Release, and requires a relative path from that
# directory. Xcode runs the link step from the directory of the
# .xcodeproj, which is the directory of the .gyp file.
'conditions': [
['GENERATOR=="ninja"', {
'sectaskaccess_info_plist':
'../../tools/mac/sectaskaccess_info.plist',
}, { # else: GENERATOR!="ninja"
'sectaskaccess_info_plist': 'mac/sectaskaccess_info.plist',
}],
],
},
'targets': [ 'targets': [
{ {
'target_name': 'tool_support', 'target_name': 'tool_support',
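Review bot: In the nested 'conditions' block, the ninja path '../../tools/mac/sectaskaccess_info.plist' hard-codes an output directory exactly two levels below the source root (the comment gives out/Release as the example), so a build directory at any other depth will hand -sectcreate a path that does not exist. The else branch has the matching problem: it is labelled GENERATOR!="ninja", but the comment only justifies the path for Xcode, so any other generator inherits an Xcode-relative path. Suggest deriving the path from a variable that is independent of the link step's working directory, or at least matching GENERATOR=="xcode" explicitly and failing on anything else.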
@ -61,6 +88,14 @@
'sources': [ 'sources': [
'mac/exception_port_tool.cc', 'mac/exception_port_tool.cc',
], ],
'xcode_settings': {
'OTHER_LDFLAGS': [
'-sectcreate',
'__TEXT',
'__info_plist',
'<(sectaskaccess_info_plist)'
],
},
}, },
{ {
'target_name': 'generate_dump', 'target_name': 'generate_dump',
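Review bot: The plist is referenced only through the '<(sectaskaccess_info_plist)' entry in OTHER_LDFLAGS, so nothing in the exception_port_tool target names it as an input. Please check that editing mac/sectaskaccess_info.plist causes a relink; if it does not, a stale __TEXT,__info_plist section could ship in a signed binary with a different SecTaskAccess value than the one in the tree. Declaring the file as an explicit input of the target would close that gap.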
@ -79,6 +114,14 @@
'sources': [ 'sources': [
'generate_dump.cc', 'generate_dump.cc',
], ],
'xcode_settings': {
'OTHER_LDFLAGS': [
'-sectcreate',
'__TEXT',
'__info_plist',
'<(sectaskaccess_info_plist)'
],
},
}, },
{ {
'target_name': 'on_demand_service_tool', 'target_name': 'on_demand_service_tool',
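Review bot: The 'xcode_settings' block added to generate_dump is identical, line for line, to the one added to exception_port_tool, so the two can drift apart when one is edited. Since the 'variables' section already defines sectaskaccess_info_plist, consider defining the whole OTHER_LDFLAGS list there once and expanding it in both targets. That also leaves a single place to audit for which tools are granted SecTaskAccess, which matters given that on_demand_service_tool, the next target, does not get the section.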