August 7, 2007

Turning off mDSNResponder

Category: Uncategorized,UNIX Security — Raffael Marty @ 12:58 am

I thought I’d already disabled mDNSResponder when I did some basic hardening of my Laptop. Turns out that when Marty (no, I am not refereing to myself in the third person) asked me whether I disabled it and I checked again, it was really not. Maybe I just killed the process, but here is how to really disable that service:

Launch the following command

sudo launchctl unload /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist

The next step is turning off the mDNSResponder at startup. And where do you do that? As I am not really confident getting online here at BlackHat, I decided to just look around on the hard drive and what I found was that you could probably just change an entry in the /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist file:

<key>OnDemand</key>
<false></false>

Replace false with true. Do you notice something? Someone really knew XML. Darn it. Two elements. One being the key, the other one being the value. Ever heard of attributes in XML? To whoever built this, this is how I would write the entry:

Or even better, re-architect the entire XML file to actually make sense!

I just now found the real way to actually disable the service by using the -w flag on the launchctl command from above. That will turn the process off permanently. A good reference is here.

« Mac OS X – Really Just FreeBSD ?   BaySec – Next Meeting August 20th »

2 Comments »

  1. Hey Raffy,

    The XML you saw is Apple’s “property list” format, more commonly known as plist. It’s awful as XML, but it really was designed as an object serialization format, and not as proper XML. Almost every single preferences/properties/configuration file in MacOSX is in that format. You can use the “Property List Editor” application (in Applications/Utilities) to edit them. Some plist files are in a binary representation, which can be converted to the XML one using the plutil command.

    There’s an XSL transformation you can use to convert plist files to proper XML here: http://www.xmldatabases.org/WK/blog/1086?t=item

    Comment by Diego — August 7, 2007 @ 5:39 pm

  2. I actually just realized that turning off my mDNSResponder breaks printing ;( Maybe I’ll have to figure out how to use another protocol for printing. Not sure if that is supported by my IT team.

    Comment by Raffael Marty — August 10, 2007 @ 12:54 pm

RSS feed for comments on this post. | TrackBack URI

Leave a comment

XHTML ( You can use these tags): <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> .