Apple Adds Memory Randomization To Leopard 311
.mack notes a ZDNet blog outlining some of the security features added to OSX Leopard (10.5). Here's Apple's brief description of all 11 new security features. "Apple has announced plans to add code-scrambling diversity to Mac OS X Leopard, a move aimed at making the operating system more resilient to virus and worm attacks. The security technology, known as ASLR (address space layout randomization), randomly arranges the positions of key data areas to prevent malware authors from predicting target addresses. Another new feature coming in Leopard is Sandboxing (systrace), which limits an application's access to the system by enforcing access policies for system calls."
Even Windows does this (Score:5, Informative)
Re:Even Windows does this (Score:5, Informative)
From your Wikipedia link:
Since that release was made on 2007-02-05, you could more accurately say that "Linux, of course, has been doing it for months". OpenBSD didn't even really get a strong version of it until 3.8 [openbsd.org], and that wasn't quite 2 years ago. It sounds like Windows had problems [zdnet.com] with it as recently as February 2007, but maybe that's fixed now.
This is still fairly cutting-edge stuff. It's not like they just now implemented memory protection for the first time.
Re:Cool, but even better... (Score:3, Informative)
It looks like there are a handful of Windows apps [osafoundation.org] that support CalDAV at this time. Since it's an open standard, it shouldn't be long before more calendar apps support it. As for the server, this [wikipedia.org] is what I could find with a 10 second search. Looks promising, too.
Re:Even Windows does this (Score:1, Informative)
July 2001 was the first release with ASLR.
Re:Cool, but even better... (Score:5, Informative)
Also, the calendar server that is used in Leopard is nothing more than the open-source Darwin calendar server at http://trac.calendarserver.org/projects/calendarserver [calendarserver.org]
So, although nothing exists in ports that I can find you can run the Darwin calendar server on FreeBSD.
Re:Pre-Binding? (Score:4, Informative)
It's still a bandaid though, just as it is in every other OS that's implemented it (pretty much everything OTHER than OS X has a form of this already).
Re:These are just bandaids (Score:5, Informative)
You know why we don't do all that in hardware in PCs? Because it requires a huge amount of silicon. Sure, it's great. You learn good programming practices, because you can't get away with slipping even a little. But it costs a lot, gets hot, and goes slow. PCs are meant to be a good enough and cheap enough solution - not necessarily the best solution.
Re:Even Windows does this (Score:3, Informative)
Re:Cool, but even better... (Score:2, Informative)
According to this article [appleinsider.com], apple corporate has switched from a third party calendaring program to iCal so those feature additions make perfect sense.
from page 3:Re:Woo! (Score:5, Informative)
Re:Woo! (Score:5, Informative)
Nice to hear those Microsoft people are about to catch up with the Java sandbox model from 1997
Re:ASLR == Windows Feature Since 3.1 (Score:3, Informative)
I've never had any problems plugging a Firewire driving into a Mac. Sure that something's not dodgy at your end?
Sandboxing != Systrace (Score:5, Informative)
Another new feature coming in Leopard is Sandboxing (systrace), which limits an application's access to the system by enforcing access policies for system calls
Folks,
Just FYI, the sandboxing in Leopard is not systrace. Systrace is vulnerable to race conditions -- see Robert Watson's paper "Exploiting Concurrency Vulnerabilities in System Call Wrappers" [lightbluetouchpaper.org]. I asked him about this at WWDC, and he told me that Leopard's sandboxing is based on a different technology and is not vulnerable to the same attacks.
--Paul
Re:ASLR == Windows Feature Since 3.1 (Score:5, Informative)
Also, if applications are "just vanishing" on launch, you may have disabled the little popup that tells you the 'application quit, wrote a crash log, and would you like to reopen it?'
Re:Woo! (Score:2, Informative)
Such as?
Exactly as you stated, all modern systems have some sandboxing and security constraints. Everything that unmanaged code wants to do -- beyond simply spinning in its own little memory box -- requires the cooperation of the OS. Want to open a network socket? Ask the OS. Want to open a file in read mode? Ask the OS. Want to put something on the screen? Ask the OS. With completely unmanaged code, there is a framework for the finest granularity of security --
Which is a funny comment, really, because
Re:ASLR == Windows Feature Since 3.1 (Score:4, Informative)
Huh? When most Mac apps crash it produces that "The Application [ApplicationName] has quit unexpectedly" crashlog dialog box, where it shows you a trace and you can choose to type a friendly little note in and send it away to Apple. this thing [wikipedia.org].
I don't see it that frequently but I did find a pattern of actions that would repeatedly crash Aperture the other day, and it popped that thing up every time.
Don't know whether it only comes up for Apple applications or what (I don't think so; I remember getting it a few times when Vuescan crashed). Maybe it only comes up as a result of some types of faults, and not all of the fatal ones. But it seems to work fairly well for me.
Re:Woo! (Score:5, Informative)
True. In order to license the codecs and software needed to play DVDs legally a DVD Player has to honor the DVD player spec, which means honoring the stupid "operation not allowed" messages embedded in the DVDs.
Re:Woo! (Score:3, Informative)
I'm guessing "Well, good ideas should be shared around and used by all kinds of companies", and I agree; but why does it apply to Microsoft security and other internal OS technologies, and workspaces, etc, and not stuff Apple makes?
Re:Woo! (Score:2, Informative)
Safari asks. Most modern browsers have security settings that can do this.
It is called Little Snitch. It works great.
Nice feature, but if you were really concerned with security you would have memory encryption enabled anyhow. No problems with this when using encrypted memory.
Public Key signing anyone? This has been around for decades - even on OSX!
These are not things that weren't available on OSX. They weren't gaping holes. Apple just decided to make them easier for the average user by including them out of the box and beefing them up a bit where necessary (like the memory randomization).
Re:Woo! (Score:3, Informative)
File system snapshotting?
With the genius that Microsoft shows for marketing, they called the feature "Volume Shadow Copy". Steve Jobs foolishly called it "Time Machine". Everyone knows you want to label interesting features with unwieldy acronyms.
(that's sarcasm). http://en.wikipedia.org/wiki/Shadow_Copy [wikipedia.org] And yes, it's available on Win 2K and Windows XP (as of circa 2003), but wasn't included by default until Windows XP SP2.
So parent is right about memory randomization and wrong about filesystem snapshotting. 1/2. Is parent serious, I dryly ask.
Speaking as a BSD/Ubuntu/Win XP (that last for games, and certain legacy apps) fan -- in roughly that order -- Leopard will be the easiest to install, configure and use BSD going. And that's pretty tempting.
I just wish Apple permitted ordinary users to virtualize OS X on whatever hardware they wanted.
-Holmwood.
Re:Woo! (Score:3, Informative)
Of course, both of these statements are wrong. Lisp machines had finer grained authority management, as did earlier capability hardware (tagging down to the word level); we're talking technology from the 70s and 80s here which can surpass the capabilities of new millennium technology.
Typed Assembly Languages are "unmanaged code", ie. raw assembly, but are accompanied with a proof certificate proving various properties of the assembly code, including memory safety and beyond. This is more recent work under the banner of "proof carrying code". This counts as a software technique which is superior to
I like
Re:Woo! (Score:5, Informative)
Re:Woo! (Score:1, Informative)
In my opinion it's better to keep this out of the kernel, even. It's better not to over complicate it.
Note that some software breaks when you introduce randomized memory addresses (two examples off the top of my head: clisp, gcc's precompiled headers). If you implement the changes in userland rather than in the kernel, you can still run this software by linking to a different set of routines. (This is done in OpenBSD's port of clisp, for example.)
Re:Woo! (Score:3, Informative)
Re:Woo! (Score:2, Informative)
Mind telling us what those restrictions are? So far as I can tell, iTunes has no restrictions unless you choose to buy restricted (DRMed) content. My solution is to not buy DRMed content...
After one too many inappropriate trailers on DVD's that my family was unable to skip, DVD app is no longer in use.
You have the MPAA to thank for that, not Apple. Any company which wishes to create a DVD player (or DVD player app for a computer) through the normal, fully legal route has to sign up to enforce all the restrictions the MPAA wants to shove down your throat... one of which is that the player must honor disabling of navigation controls by the DVD. (That is, DVD authors can selectively disable navigation controls for specific content on the DVD.) The reason for this was originally just to force you to watch the copyright warning when you stick the disc in, but it's now also being used to force you to watch trailers. Once again, blame the MPAA (and content producers who abuse the feature) for this, not Apple: if Apple didn't go along, they wouldn't get a license for any of the IP involved in playing back a DVD, a CSS decryption key, and so forth.
You may have found other apps which play DVDs and do not enforce these restrictions. I am reasonably certain that all of these apps are not properly licensed, and are built on the technique of using the known methods for attacking CSS encryption. For obvious reasons, a big corporation like Apple is not going to do anything legally questionable like that.
By the way, something you may be interested in: in the past people have written patchers for DVD Player.app to hack it so navigation controls are always enabled. I have no idea whether they're still being updated for current versions.