Uninformed: Informative Information for the Uninformed

Vol 4 » 2006.Jun


This paper will try to provide a basic introduction to the Mach kernel including its history and general design. From there, details will be provided about how these concepts are implemented on Mac OS X. Finally, this paper will illustrate some of the security concerns which arise when trying to mix UNIX and Mach together. In this vein, I came across an interesting quote from the Apple(.com) website[2].

"You can send messages to this port to start and stop the task, kill the task, manipulate the task's address space, and so forth. Therefore, whoever owns a send right for a task's port effectively owns the task and can manipulate the task's state without regard to BSD security policies or any higher-level security policies."

"In other words, an expert in Mach programming with local administrator access to a Mac OS X machine can bypass BSD and higher-level security features."

Sounds like a valid model on which to build a server platform to me...