
I have a requirement to bind a "server type" application to a privileged port (<1024) on OS X 10.6 and higher. The application is normally executed by a user who doesn't have root privileges.

Having read through many threads on this site I found this option to be the most current and secure way:

1) write a helper app to open the privileged port.
2) use SMJobBless to "install" the helper app to launchd.
3) call the helper app from main app (via IPC) to retrieve the opened privileged port.

From Apple documentation:

Because launchd itself runs as the root user, if your only reason for using a privileged process is to run a daemon on a low-numbered port, you can let launchd open that port on your daemon’s behalf and pass the open socket to your daemon, thus eliminating the need for your code to run as the root user.

I'm not running a daemon, just a user app, but the same principles apply.

I have found the code example for SMJobBless and read Nathan de Vries' blog. (can't use XPC - not available on OSX 10.6).

I'm pretty clear on the SMJobBless / launchd coding.

My Question: Please point me to a code example that demonstrates how to open a port in another application (i.e. helper) and pass a port handle (CFSocketRef?) back to the main application. Maybe someone can point me to a code example that implements this via SMJobBless.

Many Thanks

rmaddy
helioz

0 Answers