I'm adding an embedded XPC service to a Safari Extension to handle some user sensitive data. I've been reading anything I can get my hands on, and I know that since the service is private, no other process besides my extension should be able to connect to it. That's great.
However, I want to be sure that the channel is safe from man in the middle attacks. Digging in, the output of sudo launchctl procinfo <pid>
has among other things, an address to a Unix socket under SSH_AUTH_SOCK
. I'm wondering if Unix file sockets are the underlying technology used to deliver these XPC messages, are the payloads encrypted, and if those messages can be intercepted.
I'm using the NSXPXConnection API, rather than the lower-level XPC API, if that makes a difference.