I was reviewing 3rd party application which puts a setuid executable in /Library/PrivilegedHelperTools
I'd assumed that the entire purpose of this folder was to avoid use of setuid, but the only documentation I can find on this folder is in comments in example code (SMJobBless & EvenBetterAuthorizationSample) and little official documentation.
Is there more formal documentation of what Apple were attempting to achieve with this folder and these changes (Launchd?) ?
The secure programming guide explains that setuid is deprecated for these purposes, but then explains how to use it, at best it can be said to be a little muddled. Documentation on daemon and agents don't explicitly mention this folder.
Although in fairness, I can see no reason at all why the software in question needs elevated privileges at all, but if I'm to query it, it would be nice to have clear, well written documentation from Apple to refer to.