
Running a parser for a network protocol as root seems like a pretty unnecessarily dumb thing to do. I can't really imagine why any part of AirPlay would need to run as root; maybe something to do with DRM? Although the DRM daemon `fairplayd` runs as a limited-privilege user `_fpsd`, so maybe not. So bizarre that Apple makes all these cool systems to sandbox code, and creates dozens of privilege-separated users on macOS, and then runs an HTTP server doing plist parsing as an unsandboxed root process.


Apple have reworked AirPlay so many times at this point that the entire thing is just a massive pile of technical debt piled on another massive pile of technical debt, piled on a bunch of weird hacks to try and keep all the devices built for previous versions afloat.


At least it can be disabled via MDM/Configurator policy.


To the express benefit of all 3 Apple users that configure their devices with a PList editor.


The breaches will continue until device policy improves.


Three cheers for smart defaults!



