Someone pinged me about this during an Ask DTS session yesterday so I thought I’d post a quick update. In recent releases we’ve tweaked the security model of both macOS and authorisation plug-ins considerably. The good news is that this has improved the debugging story.
To debug a plug-in on 10.15 and later:
- Set up a ‘victim’ machine. In some cases you may need to use real hardware, but in most cases you can get away with using a VM.

- Disable System Integrity Protection (SIP).

  WARNING Disabling SIP reduces the security of your Mac. Do not disable SIP on a machine you use day-to-day. Rather, only disable SIP on a victim machine.

- SSH into the victim machine.

- Run LLDB as root:

      % sudo lldb

- Attach to the process that’s hosting the plugin:

      (lldb) process attach -p 1729

  It’s best to target the process using its process ID rather than name. It’s not uncommon for there to be multiple instances of the authorization plug-in host process running concurrently.

The process hosting your plug-in varies by plug-in configuration and OS version:

| macOS | Architecture | Non-Privileged | Privileged |
| --- | --- | --- | --- |
| ..<10.14 | Intel | SecurityAgent | authorizationhost |
| 10.14..<11.0 | Intel | SecurityAgentHelper | authorizationhosthelper |
| 11.0... | Intel | SecurityAgentHelper-x86_64 | authorizationhosthelper.x86_64 |
| 11.0... | Apple silicon | SecurityAgentHelper-arm64 | authorizationhosthelper.arm64 |

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
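
The host-process table and the advice to attach by process ID, combined into a helper for the victim machine. This is an added example, not part of the original post: the function names are hypothetical, and taking the architecture from `uname -m` is an assumption.

```shell
#!/bin/sh
# Added example: resolve the plug-in host process name from the table in the
# post, then list running instances so one PID can be given to
# `process attach -p`. Function names are hypothetical.
#
# Typical use on the victim machine (arch from `uname -m` is an assumption):
#   name=$(host_process_name "$(sw_vers -productVersion)" "$(uname -m)" yes)
#   list_host_pids "$name"

# host_process_name <macos-version> <arch: arm64|x86_64> <privileged: yes|no>
host_process_name() {
    major=${1%%.*}
    rest=${1#*.}
    [ "$rest" = "$1" ] && rest=0        # version given without a minor part
    minor=${rest%%.*}
    case "$3" in
        yes) old=authorizationhost; base=authorizationhosthelper; sep=. ;;
        no)  old=SecurityAgent;     base=SecurityAgentHelper;     sep=- ;;
        *)   echo "privileged must be yes or no" >&2; return 2 ;;
    esac
    if [ "$major" -ge 11 ]; then
        # 11.0 and later: the host name carries an architecture suffix.
        case "$2" in
            arm64|x86_64) echo "${base}${sep}$2" ;;
            *) echo "unknown architecture: $2" >&2; return 2 ;;
        esac
    elif [ "$major" -eq 10 ] && [ "$minor" -ge 14 ]; then
        echo "$base"                    # 10.14 up to, but not including, 11.0
    else
        echo "$old"                     # before 10.14
    fi
}

# list_host_pids <name>: print "PID start-time" for every process whose
# executable basename is exactly <name>. Several instances may be running,
# so the start time helps pick the one to attach to.
list_host_pids() {
    ps -ax -o pid= -o lstart= -o comm= | awk -v n="$1" '
        { p = $NF; sub(/.*\//, "", p) }
        p == n { print $1, $2, $3, $4, $5, $6 }'
}
```
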