Any way to detect screen sharing session?

Hi,


I have a launchd daemon that exposes an XPC API. For security reasons, I would like to add checks to certain of my XPC API calls to ensure that the calling process belongs to a session that is attached to the physical console. I thought that I would be able to do this with libbsm, using the auditon API to request the A_GETPINFO_ADDR for the remote process. In the data returned from auditon, I look at the ap_flags member of auditpinfo_addr_t. I was hoping that for remote screen sharing sessions that the AU_SESSION_FLAG_HAS_CONSOLE_ACCESS wouldn't be present but that appears to not be the case. Remote screen sharing sessions appear to have the same session flags as a physical console user.

Just so I'm clear, I have User A logged into the physical console and then User B logs in via screen sharing using a different account and doesn't take over the existing session.

Is there any way that I can detect this situation?

Thanks,

Dustin

Is there any way to accomplish this? I am interested in something similar to the OP as well.
I recently researched this in detail as part of a DTS incident. The short answer is that, no, there’s no good way to identify which GUI login sessions have screen sharing attached to them. If this is critical for your product I encourage you to file an enhancement request describing your requirements.

Please post your bug number, just for the record.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
I just filed an enhancement request here: FB8861692. Thank you for such a prompt response, @eskimo
Any way to detect screen sharing session?
 
 
Q