com.apple.security.cs.debugger entitlement vs task_for_pid-allow

Question

Created Jul ’23

Replies 3

Boosts 0

Participants 2

Hi, I'd like to understand better the differences between the entitlements "com.apple.security.cs.debugger" and "task_for_pid-allow."

According to documentation, both entitlements authorize the application to call "task_for_pid()."

Is that correct?

What are the limitations that differentiate these entitlements?

Will the application be able to call "task_for_pid()" for any third-party and unsigned application?

Or are there any other conditions? (such as specific entitlements for the target application).

Would it be necessary to run the application as root?

And lastly, I wondered if any other entitlements enable using "task_for_pid()"?

Thank you for your help!

Boost

Answer 1

DTS Engineer OP

Apple

Jul ’23

According to documentation …

Can you point me to the documentation you’re working from here?

Also, what are you trying to do with task_for_pid?

For context, unless you’re building a developer tool, like a debugger, any product you base on task_for_pid is likely to encounter ongoing compatibility problems.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 2

agabay OP

Jul ’23

Hi, thank you for your response. Here is a link to the documentation I used: https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_cs_debugger Here it says that using this entitlement, we can execute `task_for_pid.

I don't understand if that's the case; how do these two entitlements differentiate?

And can you please explain what you mean by ongoing compatibility problems? Thank you

0

Answer 3

DTS Engineer OP

Apple

Jul ’23

And can you please explain what you mean by ongoing compatibility problems?

task_for_pid is a very powerful API. It effectively allows you complete control over the target process.

Over the years folks have used this power for various purposes that Apple is not interested in supporting. In response, Apple has changed the task_for_pid security policy to restrict its utility to the one remaining valid case, developer tools.

If you use it for anything else, it’s likely that your use case will be blocked by the current security policy but, if not, it may well be blocked by future changes to that policy.

So, what do you plan to do with task_for_pid?

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0