I would argue that Mach was not the source of the bug here, but rather it was the lack of an entitlement check. Entitlements are honestly a very good security system, but they are opt-in. If a daemon doesn't check entitlements, then its insecure. Don't blame the messaging mechanism, blame the way it is used.
To be honest, any sort of locked down messaging system requires more (i.e. validation of sender, etc.) than just the transfer of messages. And that's just not something you would get with a low-level communication protocol like Mach (unless Apple overhauled the MIG compiler to add entitlement checks).
Mach is fantastic when paired with entitlement checks.
To be honest, any sort of locked down messaging system requires more (i.e. validation of sender, etc.) than just the transfer of messages. And that's just not something you would get with a low-level communication protocol like Mach (unless Apple overhauled the MIG compiler to add entitlement checks).
Mach is fantastic when paired with entitlement checks.