On 9 Dec 2009, at 10:18, jonat...@mugginsoft.com wrote:

> The docs for execl(3) do state the convention:
> 
> The first argument, by convention, should point to the file name associated 
> with the file being executed.
> 
> This being a Cocoa list we should expect that all conventions are being 
> followed to the letter, by everyone, everywhere (though in this case I 
> wouldn't bet the farm on it).

Specifically, a potential attacker will deliberately not follow this 
convention.  The Security Server used to get the information for the program 
name in this manner, which created quite an interesting vulnerability since you 
could get it to display an authorisation dialog with *any* name you wanted in 
it.  I blogged about that particular security hole some time ago:

  <http://alastairs-place.net/2006/06/os_x_authentica_1>

There are some other motivations for not following it also; since ps and top 
display that field as the process name, people have occasionally specified 
something other than the path to make the process list output more useful.

Kind regards,

Alastair.

-- 
http://alastairs-place.net


