The First Launch of the Application

When you launch Hardware Monitor Remote for the first time, it will automatically integrate into the security model of macOS. This is necessary because the application can be used to perform critical operations in macOS, in particular, to provide a network service that publishes information about your computer to others. Only responsible system administrators who manage the computer’s installation should be allowed to perform such actions.

For this reason, Hardware Monitor Remote contains a safeguard which communicates with the security features of macOS. Under normal circumstances, Hardware Monitor Remote is restricted to behave like a normal user program and does not have any extended privileges. For example, it cannot use any system features which could affect more than the current user. However, certain maintenance functions require that Hardware Monitor Remote is allowed to act for the whole computer and all users. In this case, the built-in safeguard of Hardware Monitor Remote requests permission from macOS to temporarily use a system feature which needs extended privileges. In response to this request, macOS will completely “freeze” Hardware Monitor Remote and open a password entry panel in which you’ll have to enter a valid password for one of the system’s administrators. If the password is correct, macOS will allow Hardware Monitor Remote to continue and to execute the requested action. If the password was wrong, Hardware Monitor Remote will also continue, but it will receive the response that permission was not granted and the current request has been rejected. In that case, Hardware Monitor Remote cannot perform the action currently selected. With this design, an unauthorized person cannot misuse an application like Hardware Monitor Remote.

To further enhance security, the application additionally uses the concept of multi-tier privilege separation. When an operation with extended privileges needs to be executed, the main application itself does not contact macOS to ask for permission. Instead, two auxiliary programs, the privilege requestor and the privileged helper, each with specific rights independent of the main program, carry out the job. This way, a theoretical security breach in one of these components cannot easily spread into other parts of Hardware Monitor Remote. The following picture shows the overall design. All three components communicate on secure channels under supervision of macOS.

Figure: Security architecture for the execution of privileged operations

These policies strictly comply with Apple’s software guidelines for system utilities. Note that Hardware Monitor Remote doesn’t even “see” the administrator password when it is entered. All security-related interactions are directly handled and monitored by macOS. So even in the unlikely case that a computer virus attacked Hardware Monitor Remote and tried to “eavesdrop” on your password entry in an attempt to capture and steal the password, it would not succeed, because only the specially protected core of macOS actually receives and checks the entered password.

The first password entry is requested by macOS when you start Hardware Monitor Remote for the first time. This allows the tool to establish the trust relationship and protection mechanisms described above. Further password requests will follow as soon as you start an operation which needs extended privileges.

All mentioned security features are exclusively controlled by macOS. They have nothing to do with the registration or licensing of the software, but they are needed to avoid security holes in the operating system.

macOS automatically ensures that the user doesn’t need to enter the password too often. After a password has been entered, macOS will “trust” all applications started by the same user for an interval of 5 minutes.

The paragraphs below contain information for experienced system administrators. You can skip them during first reading.

Technical Details for Advanced Users

The security component will be installed into the folder /Library/PrivilegedHelperTools, which is the folder Apple recommends for such utility programs. The name of the component is com.bresink.system.privilegedhelper-hwm. macOS will automatically launch and quit this program as needed, so that it does not run as a background service for an extended period of time.
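An administrator verifying that the helper is installed as documented would check its launchd job definition: the label, the program path under /Library/PrivilegedHelperTools, the advertised Mach service, and the absence of keys that would keep it running permanently. The following audit is an added example, not Bresink’s code; it assumes the helper is registered through a launchd daemon plist, and the plist text is constructed for illustration, with only the helper name and folder taken from the page.

```python
"""Audit the launchd job definition of an on-demand privileged helper.

Constructed example. Only HELPER_LABEL and HELPER_DIR come from the
documentation; the plist content is a stand-in, not the real file.
"""
from __future__ import annotations

import plistlib

HELPER_LABEL = "com.bresink.system.privilegedhelper-hwm"
HELPER_DIR = "/Library/PrivilegedHelperTools/"

# Constructed stand-in for /Library/LaunchDaemons/<label>.plist
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.bresink.system.privilegedhelper-hwm</string>
  <key>Program</key>
  <string>/Library/PrivilegedHelperTools/com.bresink.system.privilegedhelper-hwm</string>
  <key>MachServices</key><dict>
    <key>com.bresink.system.privilegedhelper-hwm</key><true/>
  </dict>
</dict></plist>"""


def audit_helper_job(plist_bytes: bytes, expected_label: str = HELPER_LABEL) -> list[str]:
    """Return findings; an empty list means the job matches the documented design."""
    job = plistlib.loads(plist_bytes)
    findings: list[str] = []
    if job.get("Label") != expected_label:
        findings.append(f"unexpected Label {job.get('Label')!r}")
    # launchd accepts either Program or ProgramArguments for the executable.
    program = job.get("Program") or (job.get("ProgramArguments") or [None])[0]
    if not program or not program.startswith(HELPER_DIR):
        findings.append(f"Program {program!r} is outside {HELPER_DIR}")
    if expected_label not in job.get("MachServices", {}):
        findings.append("helper does not advertise a Mach service under its own label")
    # An on-demand helper is started by launchd when a client connects. A job
    # with KeepAlive or RunAtLoad runs persistently, contrary to the documentation.
    if job.get("KeepAlive") or job.get("RunAtLoad"):
        findings.append("job is configured to run persistently, not on demand")
    return findings


if __name__ == "__main__":
    for finding in audit_helper_job(SAMPLE_PLIST) or ["helper job looks as documented"]:
        print(finding)
```

On a real system, the input would be the bytes of the plist under /Library/LaunchDaemons, and the check would be complemented by verifying the helper’s code signature.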

You can choose to remove the security tool at any time without leaving any traces. In this case Hardware Monitor Remote will lose its capability to access privileged system areas, so the program will also be forced to shut down. Perform the following steps to remove the component:

  1. Launch Hardware Monitor Remote if it is not running yet.
  2. Select the menu item Monitor > Remove Security Component….
  3. Follow the instructions the program gives. The program quits itself as the last step of this operation.

Changing the Authorization Policy

Authenticating with the user credentials of an administrator alone might not be adequate in some large organizations. Perhaps the user should be a member of a different group of specially trusted staff in order to perform a certain operation, or perhaps some security rules should be relaxed, so that non-administrative users get access to privileged operations, too. Hardware Monitor Remote follows Apple’s guidelines to internally work with named rights for each class of operations and to register these names with the Authorization Policy Database of macOS. This way, advanced administrators can fine-tune rights in the policy database as needed, connecting rights to specified authentication mechanisms. Details can be found in a separate chapter.
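To make the effect of such policy changes concrete, the following added example (not Bresink’s code) models a named right the way the authorization database stores it and evaluates it against a user. The right name and the group hwm-operators are placeholders; the rule dictionaries use the standard authorization database keys, and the default rule’s 300-second timeout is assumed to correspond to the 5-minute trust window mentioned above.

```python
"""Evaluate a macOS authorization right against a user's group memberships.

Constructed example. Rules are modelled as the dictionaries that
`security authorizationdb read <right>` would return for a named right.
"""
from __future__ import annotations

from dataclasses import dataclass, field

RIGHT_NAME = "com.example.placeholder.right"  # placeholder, not a real right name

# Typical default: an administrator must authenticate; the credential is
# shared with other requests for 300 seconds (assumed to match the 5-minute window).
DEFAULT_RULE = {"class": "user", "group": "admin", "authenticate-user": True,
                "shared": True, "timeout": 300}
# Tightened: only members of a dedicated (hypothetical) group may pass.
TIGHTENED_RULE = {"class": "user", "group": "hwm-operators",
                  "authenticate-user": True, "shared": False, "timeout": 0}
# Relaxed to the point of no control: anyone passes without a password.
RELAXED_RULE = {"class": "allow"}


@dataclass
class Subject:
    name: str
    groups: set[str] = field(default_factory=set)
    authenticated: bool = False  # True once the credential panel was passed


def evaluate(rule: dict, subject: Subject) -> tuple[bool, str]:
    """Decide whether the subject satisfies the rule, with a reason."""
    cls = rule.get("class")
    if cls == "allow":
        return True, "rule grants to everyone"
    if cls == "deny":
        return False, "rule denies everyone"
    if cls == "user":
        group = rule.get("group")
        if group and group not in subject.groups:
            return False, f"not a member of group {group}"
        if rule.get("authenticate-user", True) and not subject.authenticated:
            return False, "authentication required"
        return True, "granted"
    return False, f"unsupported rule class {cls!r}"


def audit(rule: dict) -> list[str]:
    """Flag settings an administrator reviewing the policy database should look at."""
    findings: list[str] = []
    if rule.get("class") == "allow":
        findings.append("right is granted without any authentication")
    if rule.get("class") == "user" and not rule.get("authenticate-user", True):
        findings.append("group membership alone suffices; no password check")
    if rule.get("shared") and rule.get("timeout", 0) > 300:
        findings.append("credential is shared and cached longer than 5 minutes")
    return findings
```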