Niko’s Tales of Zürich and Elsewhere

This is a post for geeks with an intel mac only, sorry…

I found when upgrading to my intel mac that a number of features from VirtueDesktops no longer worked properly. I figured this was a bug in that program, but the truth it’s because of a new security feature from apple. You can read more about this here, but the short summary is that newer macs don’t permit applications to inject code into other processes anymore unless they are part of a special group called procmod.

Unfortunately, some programs, like VirtueDesktops, used that ability for good and not for evil. The suggestion on the link above is to add yourself to the procmod group. I decided I didn’t like that solution, because it seemed rather expansive — there does seem to be a legitimate security hole there.

My alternative is just to add VirtueDesktops to the procmod group. The way that I did this was like so (it requires the terminal):

• Find the actual binary you want to grant these abilities. In my case, that was located at: /Applications/VirtueDesktops.app/Contents/MacOS
• Change its group to be procmod like so: cd /Applications/VirtueDesktops.app/Contents/MacOS ; sudo chgrp procmod VirtueDesktops
• Enable the set-group-ID-on-execute bit like so: sudo chmod 2755 VirtueDesktops
• Restart VirtueDesktops. Voila.

What would be cool is to write a simple application for doing this, rather than requiring the terminal. Perhaps if there is interest, or I get really bored…

This entry was posted on Sunday, June 4th, 2006 at 4:19 am and is filed under Geekery. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.