Apple Adds Memory Randomization To Leopard

.mack notes a ZDNet blog outlining some of the security features added to OSX Leopard (10.5). Here's Apple's brief description of all 11 new security features. "Apple has announced plans to add code-scrambling diversity to Mac OS X Leopard, a move aimed at making the operating system more resilient to virus and worm attacks. The security technology, known as ASLR (address space layout randomization), randomly arranges the positions of key data areas to prevent malware authors from predicting target addresses. Another new feature coming in Leopard is Sandboxing (systrace), which limits an application's access to the system by enforcing access policies for system calls."

Even Windows does this

[OriginalArlen]

Even Vista has a not-completely-broken implementation of ASLR. Linux, of course, has been doing it for years...

Re:Even Windows does this

[Just+Some+Guy]

From your Wikipedia link:

ASLR is enabled by default in Linux since 2.6.20

Since that release was made on 2007-02-05, you could more accurately say that "Linux, of course, has been doing it for months". OpenBSD didn't even really get a strong version of it until 3.8, and that wasn't quite 2 years ago. It sounds like Windows had problems with it as recently as February 2007, but maybe that's fixed now.

This is still fairly cutting-edge stuff. It's not like they just now implemented memory protection for the first time.

Re:Cool, but even better...

[link915]

Currently no viable solution exists on a Windows box. There are things like Sunbird and Yagoon but they don't work well with Outlook (i.e. no real integration). Currently there is a project called Open Connector that exists to bring caldav support to Outlook. It is quickly reaching beta but the main developer needs help. I am pitching in and hope that others will as well. Check it out at http://www.openconnector.org./

Also, the calendar server that is used in Leopard is nothing more than the open-source Darwin calendar server at http://trac.calendarserver.org/projects/calendarserver

So, although nothing exists in ports that I can find you can run the Darwin calendar server on FreeBSD.

Re:These are just bandaids

[_merlin]

Eventually? Look back at the past! IBM System/390 mainframes (and the zSeries derived from it) have all those features in hardware. Array overrun? Hardware exception. Integer overflow? Hardware exception. Touch memory you deallocated? Hardware exception. ALU produces a spurious result? System picks it up because it runs all the code on at least two cores, and the same fault is unlikely to occur in two cores simultaneously - operation is retried on two more cores to determine which of the two original cores was correct, and the failing core is taken out of service.

You know why we don't do all that in hardware in PCs? Because it requires a huge amount of silicon. Sure, it's great. You learn good programming practices, because you can't get away with slipping even a little. But it costs a lot, gets hot, and goes slow. PCs are meant to be a good enough and cheap enough solution - not necessarily the best solution.

Re:Woo!

[bunratty]

As far as I can tell, even the Linux kernel doesn't have memory randomization. You need a patch like PaX to get that feature.

Re:Woo!

[bzzzt]

Microsoft definitely has something going on with .NET code though. The kind of security you can get there can't be compared with anything you can do on the software or even hardware level, with pure unmanaged code.

Nice to hear those Microsoft people are about to catch up with the Java sandbox model from 1997 ;)

Sandboxing != Systrace

[plsuh]

Another new feature coming in Leopard is Sandboxing (systrace), which limits an application's access to the system by enforcing access policies for system calls

Folks,

Just FYI, the sandboxing in Leopard is not systrace. Systrace is vulnerable to race conditions -- see Robert Watson's paper "Exploiting Concurrency Vulnerabilities in System Call Wrappers". I asked him about this at WWDC, and he told me that Leopard's sandboxing is based on a different technology and is not vulnerable to the same attacks.

--Paul

Re:ASLR == Windows Feature Since 3.1

[sith]

Seems like you might have some issues - I plug firewire drives into Tiger systems multiple times per day and have never had a crash. And even if it did, you'd get the multi-lingual "please restart" screen - I haven't seen OSX do a black screen panic since 10.1 ...

Also, if applications are "just vanishing" on launch, you may have disabled the little popup that tells you the 'application quit, wrote a crash log, and would you like to reopen it?' ...

Re:Woo!

[shmlco]

"DVD Player.app won't skip past things that the movie studios put on the DVD..."

True. In order to license the codecs and software needed to play DVDs legally a DVD Player has to honor the DVD player spec, which means honoring the stupid "operation not allowed" messages embedded in the DVDs.

Re:Woo!

[shelterpaw]

Easy enough to write an applescript to bypass that, which I've done. It's ugly, but it works and you can add it to your dvd applescript menu:

tell application "DVD Player"
activate
set viewer full screen to true
try -- use try to bypass the FBI warning, menu's etc.
play dvd
set title to 1
set chapter to 1
end try
(* The following will wait for DVD's that refuse to bypass the intro's and jump to the beggining. Annoying!*)<br>
delay [3]
if title is not equal to 1 then
repeat until active dvd menu is equal to main
go to main menu
delay [15]
end repeat
go return to dvd
end if
(* The following will be used for odd dvd's like Questar Documentarys's they don't start with the standard title, they start with title 2 or something different. *)
delay [30]
set oddTitle to 2
-- check to see if we're still on the main menu page
if dvd menu active is equal to true then
repeat until dvd menu active is equal to false
set title to oddTitle
set oddTitle to oddTitle + 1
end repeat
end if
end tell