Mac Developer Library Developer


This manual page is for Mac OS X version 10.9

If you are running a different version of Mac OS X, view the documentation locally:

  • In Terminal, using the man(1) command

Reading manual pages

Manual pages are intended as a quick reference for people who already understand a technology.

  • To learn how the manual is organized or to learn about command syntax, read the manual page for manpages(5).

  • For more information about this technology, look for other documentation in the Apple Developer Library.

  • For general information about writing shell scripts, read Shell Scripting Primer.

taskgated(8)              BSD System Manager's Manual             taskgated(8)

     taskgated -- task_for_pid access control daemon

     taskgated [-ps] [-t timeout] [-i pid]

     taskgated is a system daemon that implements a policy for the task_for_pid system service.  When the
     kernel is asked for the task port of a process, and preliminary access control checks pass, it invokes
     this daemon (via launchd) to make the decision.

     -p       Accepts the old (Tiger) convention that a process with a primary effective group of procmod or
              procview is allowed to get task ports. Without this option, this legacy mode is not supported.

     -s       Allow signed applications marked as "safe" to have free access to task ports, without having
              to pass an authorization check. Note that such callers must be marked both allowed and safe.

     -t timeout
              The daemon will quit after that many seconds of inactivity. It will be relaunched by launchd
              as needed. A timeout of zero can be specified to make the daemon quit after servicing each
              request, but a small positive timeout is better for performance.

     -i pid   Inject the service port of taskgated into the process with the given pid, rather than relying
              on launchd to install it system-wide. This is for testing only, and requires the launchd con-figuration configuration
              figuration for taskgated to be removed.

     system.privilege.taskport  Authorization right used to check access of allowed (but not safe) callers.

     SecTaskAccess  A value of "allowed" is required for any program that wants access to task ports. A
                    value of "safe" bypasses authorization checks if so configured.  Code must be signed by
                    any system-trusted signing authority.

     /etc/authorization  to configure the authorization used.
                         startup configuration file for taskgated

     security(1), launchd(8)

     taskgated was first introduced in Mac OS 10.5 (Leopard).

     Certain software updates of Mac OS 10.4 (Tiger) introduced the convention requiring membership in the
     procmod or procview groups to control task port access. Before that, any process could obtain the task
     port of any other process with the same user-id.

Darwin                         October 11, 2013                         Darwin

Reporting Problems

The way to report a problem with this manual page depends on the type of problem:

Content errors
Report errors in the content of this documentation with the feedback links below.
Bug reports
Report bugs in the functionality of the described tool or API through Bug Reporter.
Formatting problems
Report formatting mistakes in the online version of these pages with the feedback links below.