Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   23457 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

taskgated(8)		  BSD System Manager's Manual		  taskgated(8)

NAME
     taskgated — task_for_pid access control daemon

SYNOPSIS
     taskgated [-ps] [-t timeout] [-i pid]

DESCRIPTION
     taskgated is a system daemon that implements a policy for the
     task_for_pid system service.  When the kernel is asked for the task port
     of a process, and preliminary access control checks pass, it invokes this
     daemon (via launchd) to make the decision.

OPTIONS
     -p	      Accepts the old (Tiger) convention that a process with a primary
	      effective group of procmod or procview is allowed to get task
	      ports. Without this option, this legacy mode is not supported.

     -s	      Allow signed applications marked as "safe" to have free access
	      to task ports, without having to pass an authorization check.
	      Note that such callers must be marked both allowed and safe.

     -t timeout
	      The daemon will quit after that many seconds of inactivity. It
	      will be relaunched by launchd as needed. A timeout of zero can
	      be specified to make the daemon quit after servicing each
	      request, but a small positive timeout is better for performance.

     -i pid   Inject the service port of taskgated into the process with the
	      given pid, rather than relying on launchd to install it system-
	      wide. This is for testing only, and requires the launchd config‐
	      uration for taskgated to be removed.

AUTHORIZATION RIGHTS
     system.privilege.taskport	Authorization right used to check access of
				allowed (but not safe) callers.

INFO KEYS
     SecTaskAccess  A value of "allowed" is required for any program that
		    wants access to task ports. A value of "safe" bypasses
		    authorization checks if so configured.  Code must be
		    signed by any system-trusted signing authority.

FILES
     /etc/authorization	 to configure the authorization used.
     /System/Library/LaunchDaemons/com.apple.taskgated
			 startup configuration file for taskgated

SEE ALSO
     security(1), launchd(8)

HISTORY
     taskgated was first introduced in Mac OS 10.5 (Leopard).

     Certain software updates of Mac OS 10.4 (Tiger) introduced the convention
     requiring membership in the procmod or procview groups to control task
     port access. Before that, any process could obtain the task port of any
     other process with the same user-id.

Darwin				April 27, 2024				Darwin

Vote for polarhome