Sudo?

[chucker]

Having a privileged helper tool would enable a few more possibilities, such as

• flood ping (see #13)
• mtr instead of traceroute (traceroute seems to be setuid; otherwise, it, too, would require sudo)

But that's a lot of work. One path would be an installer package. Another is to have an API prompt for authorization on first use, then install a helper tool, which in turn is restricted to only do the necessary privileged things. The way to do that these days seems to be SMJobBless.

• [x] Have a separate project for the helper tool
• [x] Code-sign both the main project and the helper project
• [x] Have SMPrivilegedExecutables on the main project reference the helper
• [x] Have SMAuthorizedClients on the helper project reference the main app
• [x] The helper must be single-file, not a bundle
• [ ] Embed the Info.plist in the helper
• [ ] Also embed a launchd plist
• [ ] Implement a basic communication interface
• [ ] Talk via XPC
• [ ] Fortify against third-party code trying to talk to the helper directly (mainly: check the connecting client's bundle identifier and signature)

[chucker]

Currently blocked on xamarin-macios 13575