Email or username:

Password:

Forgot your password?
Top-level
Sergey Bugaev

@civodul

The translator notices this and creates a new auth handle based on its idea of your effective uids/gids (see libfshelp/exec-reauth.c); and then the exec server gives the new task a fresh proc port. You cannot access the new task because of setuid/EXEC_SECURE, but as you created the executable you still control what it does.

@janneke

1 comment
Sergey Bugaev replied to Sergey

@civodul

In particular it may send its proc/auth ports back to the original task, and the original proc port may then be recovered by a simple

proc_task2proc (other_proc, mach_task_self (), &my_proc)

The exact auth port I don't think can be recovered, but at least you now have another auth port with your effective uids/gids.

@janneke

Go Up