Manual Pages for UNIX Darwin command on man taskgated

taskgated(8) BSD System Manager's Manual taskgated(8)

NAME

ttaasskkggaatteedd - taskforpid access control daemon

SYNOPSIS

ttaasskkggaatteedd [-ppss] [-tt timeout] [-ii pid]

DESCRIPTION

ttaasskkggaatteedd is a system daemon that implements a policy for the taskforpid system service. When the kernel is asked for the task port of a process, and preliminary access control checks pass, it invokes this daemon (via launchd) to make the decision. OOPPTTIIOONNSS

-pp Accepts the old (Tiger) convention that a process with a primary

effective group of procmod or procview is allowed to get task ports. Without this option, this legacy mode is not supported.

-ss Allow signed applications marked as "safe" to have free access

to task ports, without having to pass an authorization check. Note that such callers must be marked both allowed and safe.

-tt timeout

The daemon will quit after that many seconds of inactivity. It will be relaunched by launchd as needed. A timeout of zero can be specified to make the daemon quit after servicing each request, but a small positive timeout is better for performance.

-ii pid Inject the service port of ttaasskkggaatteedd into the process with the

given pid, rather than relying on launchd to install it system-

wide. This is for testing only, and requires the launchd config-

uration for ttaasskkggaatteedd to be removed. AUTHORIZATION RIGHTS system.privilege.taskport Authorization right used to check access of allowed (but not safe) callers. IINNFFOO KKEEYYSS SecTaskAccess A value of "allowed" is required for any program that wants access to task ports. A value of "safe" bypasses authorization checks if so configured. Code must be

signed by any system-trusted signing authority.

FILES /etc/authorization to configure the authorization used.

/System/Library/LaunchDaemons/com.apple.taskgated

startup configuration file for ttaasskkggaatteedd