ADC Home > Reference Library > Reference > Mac OS X > Mac OS X Man Pages

 

This document is a Mac OS X manual page. Manual pages are a command-line technology for providing documentation. You can view these manual pages locally using the man(1) command. These manual pages come from many different sources, and thus, have a variety of writing styles.

For more information about the manual page format, see the manual page for manpages(5).


taskgated(8)              BSD System Manager's Manual             taskgated(8)

NAME
     taskgated -- task_for_pid access control daemon

SYNOPSIS
     taskgated [-ps] [-t timeout] [-i pid]

DESCRIPTION
     taskgated is a system daemon that implements a policy for the task_for_pid system service.  When the
     kernel is asked for the task port of a process, and preliminary access control checks pass, it invokes
     this daemon (via launchd) to make the decision.

OPTIONS
     -p       Accepts the old (Tiger) convention that a process with a primary effective group of procmod or
              procview is allowed to get task ports. Without this option, this legacy mode is not supported.

     -s       Allow signed applications marked as "safe" to have free access to task ports, without having
              to pass an authorization check. Note that such callers must be marked both allowed and safe.

     -t timeout
              The daemon will quit after that many seconds of inactivity. It will be relaunched by launchd
              as needed. A timeout of zero can be specified to make the daemon quit after servicing each
              request, but a small positive timeout is better for performance.

     -i pid   Inject the service port of taskgated into the process with the given pid, rather than relying
              on launchd to install it system-wide. This is for testing only, and requires the launchd con-figuration configuration
              figuration for taskgated to be removed.

AUTHORIZATION RIGHTS
     system.privilege.taskport  Authorization right used to check access of allowed (but not safe) callers.

INFO KEYS
     SecTaskAccess  A value of "allowed" is required for any program that wants access to task ports. A
                    value of "safe" bypasses authorization checks if so configured.  Code must be signed by
                    any system-trusted signing authority.

FILES
     /etc/authorization  to configure the authorization used.
     /System/Library/LaunchDaemons/com.apple.taskgated
                         startup configuration file for taskgated

SEE ALSO
     security(1), launchd(8)

HISTORY
     taskgated was first introduced in Mac OS 10.5 (Leopard).

     Certain software updates of Mac OS 10.4 (Tiger) introduced the convention requiring membership in the
     procmod or procview groups to control task port access. Before that, any process could obtain the task
     port of any other process with the same user-id.

Darwin                           April 2, 2008                          Darwin

Did this document help you?
Yes: Tell us what works for you.
It’s good, but: Report typos, inaccuracies, and so forth.
It wasn’t helpful: Tell us what would have helped.