
XNU: The Kernel (2003) - vezzy-fnord
http://osxbook.com/book/bonus/ancient/whatismacosx/arch_xnu.html
======
nickpsecurity
XNU: The story of the kernel designers that should've listened to Liedtke. ;)
It is an interesting compromise, though.

~~~
pcwalton
The Mach API honestly isn't that bad for IPC; for passing IPC channels around
between processes, I prefer it to the horrors of cmsg. It just has terrible
documentation and the interactions with the Unix subsystem are pretty bad.

~~~
comex
MIG, the RPC interface generator, is pretty nasty though, if you want to send
anything more complex than scalar parameters. For anyone who doesn't know,
Apple has sort of deprecated raw Mach in favor of XPC, a wrapper API that
sends structured data (plist/JSON-like objects, plus capabilities as an
additional data type). It's much nicer to use, but sacrifices a bit of
performance and, I'd say, somewhat increases the likelihood of security
vulnerabilities, because there's more wiggle room to send invalid data. (Until
recently, using the accessor methods for the wrong kind of object in the C
API, which uses a 'xpc_object_t' type for everything, could cause memory
corruption, which was thoroughly demonstrated by Google Project Zero. That's
been fixed, but there's still room for logic errors..)

~~~
pcwalton
Yeah, I never used the MIG part of it. For what I'm doing now, I use platform-
independent autogenerated safe serialization code and use Mach only as a low-
level transport mechanism for raw bytes and capabilities. It works fine for
that.

