Reply to How much practical benefit is there to XPC-based privilege separation?
I was about to respond in a similar fashion. An exploit is typically considered a binary operation. The app is either secure or exploited. XPC Services make that a floating point. The app can be partially exploited, on either the main or the XPC side(s). That both limits the risk and increases the cost of the exploit. However, then you mentioned daemons. That's something completely different. XPC is many different things. It is a communication protocol that can be used by both XPC services and daemons. But XPC services are not the same thing as daemons. XPC services are easy to use and deploy. They give you some flexibility with sandboxing. But there's nothing easy about daemons, including the XPC communication.
Topic: Privacy & Security SubTopic: General Tags: