
Need a way to securely communicate between Privileged Helper Tool (installed using SMJobBless) and the application

I am trying to install a privileged helper tool to perform some elevated work. I am using SMJobBless for the same. I am able to install the tool fine and also able to communicate with it. I am using Mac OS X 10.8.4 and using NSXPCConnection for the same. I have added .mach service in the plist which will be installed in /Library/LaunchDaemons. I am using [initWithMachServiceName:options:] in the app as the helper is a privileged tool and [initWithMachServiceName:] in the helper to listen. The communication is working fine.

But the problem is I tried the same communication with another application I created which did not have any codesign at all (the helper tool installer earlier was codesigned). I tried to connect to the mach service of the helper tool and was able to connect easily. This is a problem because anybody can communicate with it then and make it do anything.

I wanted some way to securely communicate between my application and the helper tool.

Thanks a lot.

As you've said that you're not signing the second app, I believe that that is the problem that is allowing a 2nd app to call the helper application. From the Apple docs and specifically the ReadMe file in SMJobBless, it states:

The Service Management framework uses code signatures to ensure that the helper tool is the one expected to be run by the main application

This document should be able to assist you in getting the helper app correctly associated with its owner.

Note that it references a python script, which is provided here.

Answering my own question: I had logged a radar bug for the same and Apple said that the behavior was intended:

"It is up to the privileged helper to not expose insecure operations"
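
One way for the helper to enforce this itself, as an added example that is not part of the original posts: the listener delegate validates each client's code signature before accepting the connection. The protocol, bundle identifier, team ID and Mach service name below are placeholders.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>
@protocol HelperProtocol  // placeholder interface; the real helper exports its own
- (void)getVersionWithReply:(void (^)(NSString *version))reply;
@end
// Placeholder requirement: Apple-issued certificate chain, this bundle ID, this team ID.
static NSString * const kClientRequirement =
    @"anchor apple generic and identifier \"com.example.MyApp\" "
    @"and certificate leaf[subject.OU] = \"TEAMID1234\"";
// YES only if the process with this pid is validly signed and meets the requirement.
static BOOL ClientSatisfiesRequirement(pid_t pid) {
    SecRequirementRef req = NULL;
    SecCodeRef code = NULL;
    BOOL ok = NO;
    NSDictionary *attrs = @{ (__bridge NSString *)kSecGuestAttributePid : @(pid) };
    if (SecRequirementCreateWithString((__bridge CFStringRef)kClientRequirement,
                                       kSecCSDefaultFlags, &req) == errSecSuccess &&
        SecCodeCopyGuestWithAttributes(NULL, (__bridge CFDictionaryRef)attrs,
                                       kSecCSDefaultFlags, &code) == errSecSuccess) {
        ok = (SecCodeCheckValidity(code, kSecCSDefaultFlags, req) == errSecSuccess);
    }
    if (code) CFRelease(code);
    if (req) CFRelease(req);
    return ok;
}

@interface HelperDelegate : NSObject <NSXPCListenerDelegate, HelperProtocol>
@end
@implementation HelperDelegate
- (BOOL)listener:(NSXPCListener *)listener shouldAcceptNewConnection:(NSXPCConnection *)conn {
    // Refuse before exporting any object, so an unsigned client never reaches the interface.
    if (!ClientSatisfiesRequirement(conn.processIdentifier)) {
        NSLog(@"Rejected XPC client pid %d: requirement not met", conn.processIdentifier);
        return NO;
    }
    conn.exportedInterface = [NSXPCInterface interfaceWithProtocol:@protocol(HelperProtocol)];
    conn.exportedObject = self;
    [conn resume];
    return YES;
}
- (void)getVersionWithReply:(void (^)(NSString *))reply { reply(@"1.0"); }
@end

int main(void) {
    @autoreleasepool {
        HelperDelegate *delegate = [HelperDelegate new];
        NSXPCListener *listener = [[NSXPCListener alloc] initWithMachServiceName:@"com.example.MyApp.helper"];
        listener.delegate = delegate;
        [listener resume];
        [[NSRunLoop currentRunLoop] run];
    }
}
```

Identifying the client by PID is open to a PID-reuse race. On macOS 13 and later, `-[NSXPCListener setConnectionCodeSigningRequirement:]` applies the same requirement string without that race.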
