MacOSX-authbind
Add support for modern OSX
Uses https://github.com/rentzsch/mach_override to get things working again.
Verified on 10.11 El Capitan, although it appears DYLD_INSERT_LIBRARIES will not work against anything in /bin or /usr/bin. User-compiled binaries (such as homebrew packages in /usr/local) work as expected.
$ authbind /usr/bin/nc -l 82
nc: Permission denied
$ brew install netcat
$ authbind /usr/local/bin/nc -l 82
# success!
Similarly:
$ authbind --deep /usr/bin/python -m SimpleHTTPServer 82
socket.error: [Errno 13] Permission denied
$ brew install python3
$ authbind --deep /usr/local/bin/python3 -m http.server 82
Serving HTTP on 0.0.0.0 port 82 ...
Unfortunately this also means that most shell scripts/wrappers will not work with authbind, since they'll use /bin/sh or /bin/bash which won't pass DYLD_INSERT_LIBRARIES on to child processes.
It appears that master also works just as well when you take into account the caveats about system binaries above. I'm going to rip out the mach_override dependency to keep things simple.
The diff here is tiny now, and contains only a small feature to print a warning when you've forgotten to setuid the helper.
The caveat regarding DYLD_INSERT_LIBRARIES mentioned above appears to be new to OSX 10.11.
System Integrity Protection
A new security policy that applies to every running process, including privileged code and code that runs out of the sandbox. The policy extends additional protections to components on disk and at run-time, only allowing system binaries to be modified by the system installer and software updates. Code injection and runtime attachments to system binaries are no longer permitted.
https://developer.apple.com/library/prerelease/mac/releasenotes/MacOSX/WhatsNewInOSX/Articles/MacOSX10_11.html#//apple_ref/doc/uid/TP40016227-DontLinkElementID_17
If there's a way to detect that this is enabled and a system binary is being invoked, maybe we can print a warning to the user.
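
One way to implement the warning proposed in the last comment, as an added example that is not part of the MacOSX-authbind code or of this pull request. The function names are hypothetical, the target is assumed to be an absolute path, and the protected-path list (/System, /bin, /sbin, /usr except /usr/local) is Apple's documented SIP set rather than something stated in the thread.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not authbind's own.

# Succeeds if the absolute path lies under a SIP-protected location:
# /System, /bin, /sbin, /usr (with /usr/local exempt). Symlinks are not resolved.
is_sip_path() {
    case "$1" in
        /usr/local/*) return 1 ;;
        /System/*|/bin/*|/sbin/*|/usr/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints the program that is really exec'd: the shebang interpreter for a
# script (the /bin/sh wrapper case), otherwise the file itself.
effective_binary() {
    if [ "$(head -c 2 "$1" 2>/dev/null)" = '#!' ]; then
        sed -n '1{s/^#![[:space:]]*\([^[:space:]]*\).*/\1/p;q;}' "$1"
    else
        printf '%s\n' "$1"
    fi
}

# Succeeds if csrutil (present on 10.11 and later) reports SIP as enabled.
sip_enabled() {
    command -v csrutil >/dev/null 2>&1 || return 1
    csrutil status 2>/dev/null | grep -q 'status: enabled'
}

# Prints a warning and succeeds when DYLD_INSERT_LIBRARIES would be dropped.
sip_warning() {
    target=$(effective_binary "$1")
    if is_sip_path "$target" && sip_enabled; then
        echo "authbind: warning: $target is protected by System Integrity" \
             "Protection; DYLD_INSERT_LIBRARIES will be ignored" >&2
        return 0
    fi
    return 1
}

if [ "$#" -gt 0 ]; then sip_warning "$1" || true; fi
```

Because the shebang interpreter is checked rather than the script path, a wrapper in /usr/local that starts with `#!/bin/sh` or `#!/usr/bin/env` is flagged as well.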