erikberglund / SwiftPrivilegedHelper

Example application using a privileged helper tool with authentication in an unsandboxed application written in Swift
MIT License

Is additional connection validation really necessary? #22

Closed jeff-h closed 4 years ago

jeff-h commented 4 years ago

I notice you've added this as part of the Swift 4.2 upgrade:

Connection Validation Now the helper validates that the calling application is signed using the same signing certificate as the calling application to avoid a simple attack vector for helper tools.

As I understand it, the main app should only be able to communicate with the helper tool if the certificates specified in their respective plists match. Can you help me understand the need for the additional checks?

NghiaTranUIT commented 4 years ago

It's crucial to verify the connection before accepting it in the Helper Tool. Otherwise, your Helper Tool could be exploited by an attacker.

Basically, in - (BOOL)listener:(NSXPCListener *)listener shouldAcceptNewConnection:(NSXPCConnection *)connection, we add some extra validation to verify the codesign, version, and build number from the source.

Some ref:

jeff-h commented 4 years ago

Thanks for your reply and links — greatly appreciated! This feels like an obscure corner of macOS development, so info like you've given (and indeed this whole project) is worth its weight in gold :)
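
The check discussed in this thread, sketched in Swift as an added example (not code from SwiftPrivilegedHelper or from any commenter): the helper's listener delegate resolves the connecting process to its code object and accepts the connection only if it satisfies a code-signing requirement. The class name `HelperListenerDelegate`, the bundle identifier `com.example.MainApp` and the Team ID `TEAMID1234` are placeholders.

```swift
import Foundation
import Security

// Placeholder requirement: substitute the main app's real bundle identifier
// and the Team ID (subject.OU of the leaf certificate) it is signed with.
let clientRequirement =
    "anchor apple generic and identifier \"com.example.MainApp\" " +
    "and certificate leaf[subject.OU] = \"TEAMID1234\""

final class HelperListenerDelegate: NSObject, NSXPCListenerDelegate {

    func listener(_ listener: NSXPCListener,
                  shouldAcceptNewConnection connection: NSXPCConnection) -> Bool {
        // Reject before exporting any object: an unvalidated peer must never
        // get a proxy to the privileged interface.
        guard isValidClient(connection) else { return false }

        // Set connection.exportedInterface / exportedObject here.
        connection.resume()
        return true
    }

    private func isValidClient(_ connection: NSXPCConnection) -> Bool {
        // Public API exposes only the peer PID. A PID can be reused between
        // this lookup and the check, so treat this as a baseline; an audit
        // token is the stronger identifier where one is available.
        let attributes = [kSecGuestAttributePid: connection.processIdentifier] as CFDictionary

        var code: SecCode?
        guard SecCodeCopyGuestWithAttributes(nil, attributes, [], &code) == errSecSuccess,
              let clientCode = code else { return false }

        var requirement: SecRequirement?
        guard SecRequirementCreateWithString(clientRequirement as CFString, [], &requirement) == errSecSuccess,
              let clientReq = requirement else { return false }

        // Verifies the running code's signature AND that it meets the
        // requirement; any failure (unsigned, tampered, wrong team) rejects.
        return SecCodeCheckValidity(clientCode, [], clientReq) == errSecSuccess
    }
}
```

On macOS 13 and later, `NSXPCListener.setConnectionCodeSigningRequirement(_:)` takes the same requirement string and has the system enforce it without the PID lookup.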