V. VashurkinmacOS Daemonologyhttps://doi.org/10.1007/978-1-4842-7277-0_15

15. XPC Security

Volodymyr Vashurkin¹

(1)

Dnipro, Ukraine

In this chapter, we will discuss some recommendations related to securing the XPC communication between processes based on code signing.

Assume your app is split into the main application and the privileged helper that performs root actions. You have users who trust you and install your software and grant it admin privileges.

But you forgot to secure the XPC connection between the main application and the privileged helper. In this case, a bad guy can use your privileged helper to perform malicious actions.

What’s the Problem?

Get macOS Daemonology: Communicate with Daemons, Agents, and Helpers Through XPC now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

macOS Daemonology: Communicate with Daemons, Agents, and Helpers Through XPC by Volodymyr Vashurkin

15. XPC Security

What’s the Problem?

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly