Sudo?

Having a privileged helper tool would enable a few more possibilities, such as

* flood ping (see #13)
* mtr instead of traceroute (`traceroute` seems to be setuid; otherwise, it, too, would require sudo)

But that's a lot of work. [One path would be an installer package.](https://twitter.com/pmjordan/status/1483905088288665601?s=21) Another is to have an API prompt for authorization on first use, then install a helper tool, which in turn is restricted to only do the necessary privileged things. The way to do that these days seems to be [SMJobBless](https://developer.apple.com/documentation/servicemanagement/1431078-smjobbless?language=objc).

- [x] Have a separate project for the helper tool
- [x] Code-sign both the main project and the helper project
- [x] Have `SMPrivilegedExecutables` on the main project reference the helper
- [x] Have `SMAuthorizedClients` on the helper project reference the main app
- [x] The helper must be single-file, not a bundle
- [ ] Embed the Info.plist in the helper
- [ ] Also embed a launchd plist
- [ ] Implement a basic communication interface
- [ ] [Talk via XPC](https://github.com/xamarin/xamarin-macios/pull/7001)
- [ ] Fortify against third-party code trying to talk to the helper directly (mainly: [check](https://github.com/aronskaya/smjobbless/blob/master/SecuringXPCConnection.md) the connecting client's bundle identifier and signature)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Sudo? #38

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

Sudo? #38

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions