Launchd

 full_path = "/sbin/launchd"
 runs_as = "root"
 pid = "1"

launchd is the first process loaded by the kernel, also known as the init system. It is responsible for launching and managing the processes running on the device.

It does more than an original UNIX init system would do.

Amongst other things it:

  • Loads process configurations and launches the processes on boot or when needed
  • Relaunches specific processes if they have crashed
  • Provides XPC and socket capabilities
  • Runs cron-like periodic tasks

The configurations of the numerous agents and daemons are stored in proprietary .plist files; one of the settings in these files is the user the child process will run as.
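The following is an added example, not part of the original page: it reads launchd job definitions and reports the configured user alongside the features listed above. The key names come from launchd.plist(5), both sample jobs are constructed, and treating a system daemon with no UserName key as running as root is an assumption of the sketch.

```python
import plistlib

# Constructed sample job (XML form); not taken from a real device.
SAMPLE_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.logrotate</string>
  <key>ProgramArguments</key>
  <array><string>/usr/local/bin/rotate</string><string>--all</string></array>
  <key>UserName</key><string>_logd</string>
  <key>KeepAlive</key><true/>
  <key>StartInterval</key><integer>3600</integer>
  <key>MachServices</key><dict><key>com.example.logrotate.xpc</key><true/></dict>
</dict></plist>"""

# Constructed sample job (binary form) with no UserName key.
SAMPLE_BINARY = plistlib.dumps(
    {"Label": "com.example.updater", "Program": "/usr/local/libexec/updater",
     "RunAtLoad": True},
    fmt=plistlib.FMT_BINARY)


def summarize_job(raw, system_daemon=True):
    """Map one launchd job definition onto the features launchd provides."""
    job = plistlib.loads(raw)  # accepts both XML and binary plists
    argv = job.get("ProgramArguments") or []
    program = job.get("Program") or (argv[0] if argv else None)
    # Assumption: a system daemon without UserName runs as root,
    # while a per-user agent runs as the logged-in user.
    user = job.get("UserName") or ("root" if system_daemon else "<session user>")
    return {
        "label": job.get("Label"),
        "program": program,
        "user": user,
        "at_boot": bool(job.get("RunAtLoad", False)),
        # KeepAlive is either a boolean or a dict of restart conditions.
        "relaunch": bool(job.get("KeepAlive", False)),
        "ipc": sorted(list(job.get("MachServices", {})) + list(job.get("Sockets", {}))),
        "periodic": "StartInterval" in job or "StartCalendarInterval" in job,
    }


def root_jobs(raw_plists):
    """Labels of the jobs that end up running as root: the ones to review first."""
    return [s["label"] for s in map(summarize_job, raw_plists) if s["user"] == "root"]


if __name__ == "__main__":
    for raw in (SAMPLE_XML, SAMPLE_BINARY):
        print(summarize_job(raw))
    print("runs as root:", root_jobs([SAMPLE_XML, SAMPLE_BINARY]))
```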

Thanks to its modularity and interaction with other processes, it can be extended with plugins to handle tasks of interest to us; one example is monitoring events such as memory corruption.