Hi,

I have a launchd daemon that exposes an XPC API. For security reasons, I would like to add checks to certain of my XPC API calls to ensure that the calling process belongs to a session that is attached to the physical console. I thought that I would be able to do this with libbsm, using the auditon API to request the A_GETPINFO_ADDR for the remote process. In the data returned from auditon, I look at the ap_flags member of auditpinfo_addr_t. I was hoping that for remote screen sharing sessions that the AU_SESSION_FLAG_HAS_CONSOLE_ACCESS wouldn't be present but that appears to not be the case. Remote screen sharing sessions appear to have the same session flags as a physical console user.

Just so I'm clear, I have User A logged into the physical console and then User B logs in via screen sharing using a different account and doesn't take over the existing session.

Is there any way that I can detect this situation?

Thanks,
Dustin