Apple Adds Memory Randomization To Leopard 311
.mack notes a ZDNet blog outlining some of the security features added to OSX Leopard (10.5). Here's Apple's brief description of all 11 new security features. "Apple has announced plans to add code-scrambling diversity to Mac OS X Leopard, a move aimed at making the operating system more resilient to virus and worm attacks. The security technology, known as ASLR (address space layout randomization), randomly arranges the positions of key data areas to prevent malware authors from predicting target addresses. Another new feature coming in Leopard is Sandboxing (systrace), which limits an application's access to the system by enforcing access policies for system calls."
Re:Even Windows does this (Score:4, Insightful)
Just look at the U.S. election this year. Everyone and their brother loves Colbert because he is cool and hip and represents a stick in the eye to every other goddamned POLITICIAN out there who can't help but pander to big money and special interest groups. But come election day, it ain't OSX you're putting on your servers.
Know what I mean?
These are just bandaids (Score:4, Insightful)
There is just no way to do this in software. The future is going to be implementing these types of features in well proven hardware. Things like the no-execute bit, virtualization extensions and such are steps in the right direction but eventually I think we will see some really good security measures put into hardware.
Re:Even Windows does this (Score:3, Insightful)
I'll give you that, but PaX was never accepted into the mainline kernel. That's what I was using as my criterion for "supported by Linux".
Re:Woo! (Score:3, Insightful)
Re:These are just bandaids (Score:4, Insightful)
99% of security is bandaid and "obscurity" under cover. Even cryptography with large prime numbers is just obscurity: they give you the number and if you could factor is quickly, you can break it. You just can't break it quickly yet.
Still though, it's the nature of the beast. It's in uphill battle with the hackers. Tech gets sophisticated, hackers get sophisticated, tech gets more sophisticated... It's evolution in a way.
There are very few security concepts which aren't "bandaids", for example privilege levels are such a security measure, and still, most apps that take advantage of this have a bunch of "bandaids" in them to avoid privilege escalation situations.
ASLR is a practical approach to easily calling known adresses after buffer overflow exploit. If all apps in existence made proper use of the no-execute bit and made sure not to overrun buffers in the first place, ASLR could've been useless.
OS designers though meet a world with imperfect apps, and their task is to improve security in this *existing* situation. They do good.
Re:Woo! (Score:5, Insightful)
Hehe, you were modded +5 Funny, but if it was the other way around:
"Vista is finally catching up with BSD, Linux and OSX!"
You would be modded +5 Insightful... Where are the scores of Microsoft fanboys bashing Apple, damn it!
Re:Why? (Score:5, Insightful)
Yes, it's just like that, except you have millions of doors, and a intruder can only try to open one door per night, and the unlocked door changes randomly every night.
"People really need to stop adding these kinds of things that increase complexity and do not address the real issue, which in this case is access to the memory space of another application without some sort of credential or approval. When the real problem is addressed, this overly complex and fundamentally useless random memory address layout 'feature' will be left in to cause bugs and complexity forever."
This has nothing to do with access to the memory space of another application.
Re:Woo! (Score:1, Insightful)
One reason banks run on mainframes (Score:2, Insightful)
Re:Woo! (Score:3, Insightful)
Re:Pre-Binding? (Score:3, Insightful)
Actually, I'd tend to view it as just one of a series of preventative measures that one takes in order to KEEP from getting sick. A band-aid is something you throw on AFTER you've been cut up.
And yes, we probably could do more, but not until people are willing to take a minor hit in performance in exchange for hardened security features and layers. Linux in particular tends to erupt in flame wars over just a 0.12% increase/decrease in scheduler performance. And Window's folk won't give up an extra half-frame in Quake...
Re:I hope they let you disable this junk. (Score:5, Insightful)
Re:Woo! (Score:2, Insightful)
Protect yourself from potential threats. Any application downloaded to your Mac is tagged. Before it runs for the first time, the system asks for your consent -- telling you when it was downloaded, what application was used to download it, and, if applicable, what URL it came from.
Gain more control over the built-in firewall. Specify the behavior of specific applications to either allow or block incoming connections.
Feel safe with your applications. A digital signature on an application verifies its identity and ensures its integrity. All applications shipped with Leopard are signed by Apple, and third-party software developers can also sign their applications.
BTW, since OSX is BSD, then OSX has potentially had anything BSD has, especially things that are "ages" old as the other poster said.
Re:ASLR simply doesn't work (Score:1, Insightful)
This is of course complete bullshit. There has never been anything resembling a contract concerning where the stack, heap, libraries, etc are loaded into memory. The layout of the address space is different on different platforms already, you can not rely on it for anything. Randomized address space layouts will only make it very clear that your code is broken when using code that is already completely and totally wrong and broken.
"Breaking things may be worth it if you get some value in exchange for the pain, but randomization of the address space doesn't provide any value."
Considering it doesn't break things (see several jvm implimentations including sun's, ocaml, ghc, pike, etc, etc which all have GC and all work just fine) and that it does in fact provide a very signficant difficulty in executing exploit code contrary to your nonsense hand-waving, I think its very much worth it.