You walk into a conference and the topic is … Mach OS
I know that I’ve worked on a technology that stands the test of time if, after some 20 years, there’s still some buzz around it at a conference.
This is obviously the case of Unix.
It must be the case of Mach as well. This week, I made an appearance at Black Hat 2009 and stumbled upon a session entirely dedicated to Mach-based rootkits for Mac OS X. The presenter, Dino Dai Zovi, did a good job of describing Mach. Why would someone hack Mach nowadays? Because it’s possible and is a fun thing to do.
It turns out that Mach is a fairly obscure piece in the Mac OS X ensemble and makes a hacker’s maneuvers a lot less likely to be detected.
Among other things, Dino talked about MiG stubs (I did a total overhaul of MiG in 1993) and Mach-O. He recreated a sort of NetMsgServer (which has never been adopted by Apple Inc. as far as I can tell) with which he can siphon or inject Mach IPC messages. In my last Mach endeavor, I created a NetMsgServer that could work over INET.
Back in the day, Rick Rashid opened Mach conferences by saying that the Mach crowd used to fit inside an elevator. Twenty-some years later, a couple hundred people still crowd a conference room for a solid Mach speech.
I’ve had the fortune to hone my system skills on Mach 3.0 along with a terrific team at the Open Software Foundation and the proxies into the team at CMU. I’m obviously very pleased that Mach still beats inside my home desktop, laptop, and smartphone. I believe that Dino’s public contribution makes a compelling case for code hardening and pen-testing of the venerable Mach (which I surely hope will happen in time for Snow Leopard!).
