Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Apple Adds Memory Randomization To Leopard

Posted by kdawson on Thu Oct 18, 2007 08:37 AM
from the shuffling-the-wormholes dept.
Security Businesses OS X Operating Systems Apple
.mack notes a ZDNet blog outlining some of the security features added to OSX Leopard (10.5). Here's Apple's brief description of all 11 new security features. "Apple has announced plans to add code-scrambling diversity to Mac OS X Leopard, a move aimed at making the operating system more resilient to virus and worm attacks. The security technology, known as ASLR (address space layout randomization), randomly arranges the positions of key data areas to prevent malware authors from predicting target addresses. Another new feature coming in Leopard is Sandboxing (systrace), which limits an application's access to the system by enforcing access policies for system calls."
+ -
story

Related Stories

Firehose:Apple Adds Memory Randomization (ALSR) to Leopard by Anonymous Coward
[+] A Closer Look At Apple Leopard Security 267 comments
Last week we discussed some of the security features coming in Leopard. This article goes into more depth on OS X 10.5 security — probably as much technical detail as we're going to get until the folks who know come out from under their NDAs on Friday. The writer argues that Apple's new Time Machine automatic backup should be considered a security feature. "Overall, Mac OS X 10.5 Leopard is perhaps the most significant update in the history of Mac OS X — perhaps in the history of Apple — from a security standpoint. It marks a shift from basing Macintosh security on hard outside walls to building more resiliency and survivability into the core operating system."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Apple Adds Memory Randomization To Leopard 25 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Woo! (Score:4, Funny)

    by gazbo (517111) on Thursday October 18 2007, @08:39AM (#21023283)
    Apple is finally catching up with BSD, Linux and Vista!

    • Re:Woo! (Score:5, Insightful)

      by suv4x4 (956391) on Thursday October 18 2007, @09:47AM (#21023957)
      Apple is finally catching up with BSD, Linux and Vista!

      Hehe, you were modded +5 Funny, but if it was the other way around:

      "Vista is finally catching up with BSD, Linux and OSX!"

      You would be modded +5 Insightful... Where are the scores of Microsoft fanboys bashing Apple, damn it!

      • Re:Woo! (Score:5, Informative)

        by bunratty (545641) on Thursday October 18 2007, @09:34AM (#21023797)
        As far as I can tell, even the Linux kernel doesn't have memory randomization. You need a patch like PaX [wikipedia.org] to get that feature.

      • Re:Woo! (Score:5, Funny)

        by jsiren (886858) on Thursday October 18 2007, @10:10AM (#21024247) Homepage
        Even I have a random memory!

        • Re:Woo! (Score:5, Informative)

          by bzzzt (313005) on Thursday October 18 2007, @10:06AM (#21024169)

          Microsoft definitely has something going on with .NET code though. The kind of security you can get there can't be compared with anything you can do on the software or even hardware level, with pure unmanaged code.

          Nice to hear those Microsoft people are about to catch up with the Java sandbox model from 1997 ;)

            • Re:Woo! (Score:5, Informative)

              by shmlco (594907) on Thursday October 18 2007, @11:50AM (#21025917) Homepage
              "DVD Player.app won't skip past things that the movie studios put on the DVD..."

              True. In order to license the codecs and software needed to play DVDs legally a DVD Player has to honor the DVD player spec, which means honoring the stupid "operation not allowed" messages embedded in the DVDs.

              • Re:Woo! (Score:5, Informative)

                by shelterpaw (959576) on Thursday October 18 2007, @01:47PM (#21028129)
                Easy enough to write an applescript to bypass that, which I've done. It's ugly, but it works and you can add it to your dvd applescript menu:

                tell application "DVD Player"
                activate
                set viewer full screen to true
                try -- use try to bypass the FBI warning, menu's etc.
                play dvd
                set title to 1
                set chapter to 1
                end try
                (* The following will wait for DVD's that refuse to bypass the intro's and jump to the beggining. Annoying!*)<br>
                delay [3]
                if title is not equal to 1 then
                repeat until active dvd menu is equal to main
                go to main menu
                delay [15]
                end repeat
                go return to dvd
                end if
                (* The following will be used for odd dvd's like Questar Documentarys's they don't start with the standard title, they start with title 2 or something different. *)
                delay [30]
                set oddTitle to 2
                -- check to see if we're still on the main menu page
                if dvd menu active is equal to true then
                repeat until dvd menu active is equal to false
                set title to oddTitle
                set oddTitle to oddTitle + 1
                end repeat
                end if
                end tell

  • obligitary troll (Score:4, Funny)

    by pat mcguire (1134935) <.ude.aibmuloc. .ta. .9112mjp.> on Thursday October 18 2007, @08:40AM (#21023297)
    If only this broke bootcamp compatibility - then they'd really prevent viruses.

  • Cool, but even better... (Score:5, Interesting)

    by Just Some Guy (3352) <kirk+slashdot@strauser.com> on Thursday October 18 2007, @08:43AM (#21023311) Homepage Journal

    From the changelog [apple.com]:

    CalDAV Group Scheduling
    Schedule a meeting with colleagues, check availability, and book conference rooms when using iCal with a compatible CalDAV server like iCal Server.

    Reserve Rooms and Equipment
    Reserve meeting rooms and equipment as you create your meeting invitations. If your calendar is administered through a CalDAV server, iCal automatically displays availabilities when you add a room or resource to your meeting.

    It sounds like a high-level player finally decided to take on Exchange. My biggest questions: are there Windows programs that support these features via CalDAV, and is there a CalDAV server in FreeBSD's ports?

    • Re:Cool, but even better... (Score:5, Informative)

      by link915 (900930) on Thursday October 18 2007, @09:08AM (#21023547) Homepage
      Currently no viable solution exists on a Windows box. There are things like Sunbird and Yagoon but they don't work well with Outlook (i.e. no real integration). Currently there is a project called Open Connector that exists to bring caldav support to Outlook. It is quickly reaching beta but the main developer needs help. I am pitching in and hope that others will as well. Check it out at http://www.openconnector.org./ [www.openconnector.org]

      Also, the calendar server that is used in Leopard is nothing more than the open-source Darwin calendar server at http://trac.calendarserver.org/projects/calendarserver [calendarserver.org]

      So, although nothing exists in ports that I can find you can run the Darwin calendar server on FreeBSD.

    • Re:Even Windows does this (Score:4, Insightful)

      by BadAnalogyGuy (945258) <BadAnalogyGuy@gmail.com> on Thursday October 18 2007, @08:50AM (#21023375)
      It works like this: Everyone cheers on the guy that they like and boo the guy they don't like, but in the end they are having beers with the winner who is pretty much never the guy that they like.

      Just look at the U.S. election this year. Everyone and their brother loves Colbert because he is cool and hip and represents a stick in the eye to every other goddamned POLITICIAN out there who can't help but pander to big money and special interest groups. But come election day, it ain't OSX you're putting on your servers.

      Know what I mean?

    • Re:Even Windows does this (Score:5, Informative)

      by Just Some Guy (3352) <kirk+slashdot@strauser.com> on Thursday October 18 2007, @08:53AM (#21023397) Homepage Journal

      From your Wikipedia link:

      ASLR is enabled by default in Linux since 2.6.20

      Since that release was made on 2007-02-05, you could more accurately say that "Linux, of course, has been doing it for months". OpenBSD didn't even really get a strong version of it until 3.8 [openbsd.org], and that wasn't quite 2 years ago. It sounds like Windows had problems [zdnet.com] with it as recently as February 2007, but maybe that's fixed now.

      This is still fairly cutting-edge stuff. It's not like they just now implemented memory protection for the first time.

  • These are just bandaids (Score:4, Insightful)

    by Cthefuture (665326) on Thursday October 18 2007, @08:55AM (#21023409)
    All measures like this are just bandaids and may in fact open up more holes because it adds complexity to an already complex beast.

    There is just no way to do this in software. The future is going to be implementing these types of features in well proven hardware. Things like the no-execute bit, virtualization extensions and such are steps in the right direction but eventually I think we will see some really good security measures put into hardware.

    • Re:These are just bandaids (Score:5, Informative)

      by _merlin (160982) on Thursday October 18 2007, @09:15AM (#21023605) Homepage Journal
      Eventually? Look back at the past! IBM System/390 mainframes (and the zSeries derived from it) have all those features in hardware. Array overrun? Hardware exception. Integer overflow? Hardware exception. Touch memory you deallocated? Hardware exception. ALU produces a spurious result? System picks it up because it runs all the code on at least two cores, and the same fault is unlikely to occur in two cores simultaneously - operation is retried on two more cores to determine which of the two original cores was correct, and the failing core is taken out of service.

      You know why we don't do all that in hardware in PCs? Because it requires a huge amount of silicon. Sure, it's great. You learn good programming practices, because you can't get away with slipping even a little. But it costs a lot, gets hot, and goes slow. PCs are meant to be a good enough and cheap enough solution - not necessarily the best solution.

  • Trend (Score:5, Funny)

    by MadMacSkillz (648319) on Thursday October 18 2007, @09:44AM (#21023917) Homepage
    There is a trend emerging, ever so slowly... It used to be Mac users attacking Windows users... More and more I'm starting to hear Windows users attacking Mac users. Fortunately, so long as the argument is "Mac is gay," I don't really feel like Mac users need to bother responding. Linux I respect, though... because once I'm in the command line, it's just like OS X. (ducks)

  • Sandboxing != Systrace (Score:5, Informative)

    by plsuh (129598) <plsuh.goodeast@com> on Thursday October 18 2007, @10:17AM (#21024341) Homepage

    Another new feature coming in Leopard is Sandboxing (systrace), which limits an application's access to the system by enforcing access policies for system calls

    Folks,

    Just FYI, the sandboxing in Leopard is not systrace. Systrace is vulnerable to race conditions -- see Robert Watson's paper "Exploiting Concurrency Vulnerabilities in System Call Wrappers" [lightbluetouchpaper.org]. I asked him about this at WWDC, and he told me that Leopard's sandboxing is based on a different technology and is not vulnerable to the same attacks.



    --Paul

    • Re:Pre-Binding? (Score:4, Informative)

      by dreamchaser (49529) on Thursday October 18 2007, @09:13AM (#21023581) Homepage Journal
      The OS knows where it's bits and pieces are and anyone using published API's will be fine; it's rather transparent to the programmer. Where you'll run afoul is if you are trying to directly access a 'known' code entry point illicitly, without going through the proper channels via the OS. This is why it is a step that can help prevent some types of attacks.

      It's still a bandaid though, just as it is in every other OS that's implemented it (pretty much everything OTHER than OS X has a form of this already).

      • crash logs (was Re:ASLR == Windows Feature...) (Score:5, Interesting)

        by WillAdams (45638) on Thursday October 18 2007, @09:28AM (#21023731) Homepage
        When I first started using Quark XPress 6.5 in Mac OS X here at my new job, it took a while to work out the kinks for a rather complex project (doing layout for a journal w/ a 24 hr. turn-around), to the point that I actually put up a ``crash log'' outside of my cubicle, so that people could gauge my mood before entering. It's been a year now, and while I've gotten the project in question worked out (had to train myself _never_ to undo re-sizing a text box &c.), the totals might be interesting to people:

        2006:
        Quark XPress: 207 crashes (as many as 9 per day)
        Adobe Illustrator: 25
        InDesign: 35
        PhotoShop: 15
        Acrobat: 65
        Microsoft Word: 23
        Macromedia FreeHand: 9
        Mac OS X: 14 (this includes Mac OS X apps like Mail.app and Safari.app)

        The totals for this year are a bit more reasonable --- Quark XPress v6.5: 26, v7: 46 (I had to move the afore-mentioned journal over to Quark 7 after a re-design and that involved a new set of things to work-around) --- but I find Mac OS X overall reliable and workable as an environment (thought not as nice, consistent and synergistic as NeXTstep).

        William

        • Re:ASLR == Windows Feature Since 3.1 (Score:5, Informative)

          by sith (15384) on Thursday October 18 2007, @10:17AM (#21024349)
          Seems like you might have some issues - I plug firewire drives into Tiger systems multiple times per day and have never had a crash. And even if it did, you'd get the multi-lingual "please restart" screen - I haven't seen OSX do a black screen panic since 10.1 ...

          Also, if applications are "just vanishing" on launch, you may have disabled the little popup that tells you the 'application quit, wrote a crash log, and would you like to reopen it?' ...

    • Re:Why? (Score:5, Insightful)

      by tiocsti (160794) on Thursday October 18 2007, @09:47AM (#21023965)
      "Changing the memory address layout is roughly akin to doing home security by locking different doors on different nights, but always leaving one unlocked. The would-be burglar just has to try all the doors to get in. Doing this kind of thing is trivial on a computer."

      Yes, it's just like that, except you have millions of doors, and a intruder can only try to open one door per night, and the unlocked door changes randomly every night.

      "People really need to stop adding these kinds of things that increase complexity and do not address the real issue, which in this case is access to the memory space of another application without some sort of credential or approval. When the real problem is addressed, this overly complex and fundamentally useless random memory address layout 'feature' will be left in to cause bugs and complexity forever."

      This has nothing to do with access to the memory space of another application.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.