Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Adds Memory Randomization To Leopard

Posted by kdawson on from the shuffling-the-wormholes dept.

.mack notes a ZDNet blog outlining some of the security features added to OSX Leopard (10.5). Here's Apple's brief description of all 11 new security features. "Apple has announced plans to add code-scrambling diversity to Mac OS X Leopard, a move aimed at making the operating system more resilient to virus and worm attacks. The security technology, known as ASLR (address space layout randomization), randomly arranges the positions of key data areas to prevent malware authors from predicting target addresses. Another new feature coming in Leopard is Sandboxing (systrace), which limits an application's access to the system by enforcing access policies for system calls."

11 of 311 comments (clear)

  1. Cool, but even better... by Just+Some+Guy · · Score: 5, Interesting

    From the changelog:

    CalDAV Group Scheduling
    Schedule a meeting with colleagues, check availability, and book conference rooms when using iCal with a compatible CalDAV server like iCal Server.

    Reserve Rooms and Equipment
    Reserve meeting rooms and equipment as you create your meeting invitations. If your calendar is administered through a CalDAV server, iCal automatically displays availabilities when you add a room or resource to your meeting.

    It sounds like a high-level player finally decided to take on Exchange. My biggest questions: are there Windows programs that support these features via CalDAV, and is there a CalDAV server in FreeBSD's ports?

    --
    Dewey, what part of this looks like authorities should be involved?
    1. Re:Cool, but even better... by link915 · · Score: 5, Informative

      Currently no viable solution exists on a Windows box. There are things like Sunbird and Yagoon but they don't work well with Outlook (i.e. no real integration). Currently there is a project called Open Connector that exists to bring caldav support to Outlook. It is quickly reaching beta but the main developer needs help. I am pitching in and hope that others will as well. Check it out at http://www.openconnector.org./

      Also, the calendar server that is used in Leopard is nothing more than the open-source Darwin calendar server at http://trac.calendarserver.org/projects/calendarserver

      So, although nothing exists in ports that I can find you can run the Darwin calendar server on FreeBSD.

      --
      "I reject your reality and substitute my own!"
  2. Re:Leopard? by Just+Some+Guy · · Score: 5, Funny

    Why would Apple chooses such a gay name for its operating system?

    To give you closeted folk an excuse to talk about your feelings in public.

    --
    Dewey, what part of this looks like authorities should be involved?
  3. Re:Even Windows does this by Just+Some+Guy · · Score: 5, Informative

    From your Wikipedia link:

    ASLR is enabled by default in Linux since 2.6.20

    Since that release was made on 2007-02-05, you could more accurately say that "Linux, of course, has been doing it for months". OpenBSD didn't even really get a strong version of it until 3.8, and that wasn't quite 2 years ago. It sounds like Windows had problems with it as recently as February 2007, but maybe that's fixed now.

    This is still fairly cutting-edge stuff. It's not like they just now implemented memory protection for the first time.

    --
    Dewey, what part of this looks like authorities should be involved?
  4. Re:Even Windows does this by Anonymous Coward · · Score: 5, Funny

    You have an apt nickname.

  5. Re:These are just bandaids by _merlin · · Score: 5, Informative

    Eventually? Look back at the past! IBM System/390 mainframes (and the zSeries derived from it) have all those features in hardware. Array overrun? Hardware exception. Integer overflow? Hardware exception. Touch memory you deallocated? Hardware exception. ALU produces a spurious result? System picks it up because it runs all the code on at least two cores, and the same fault is unlikely to occur in two cores simultaneously - operation is retried on two more cores to determine which of the two original cores was correct, and the failing core is taken out of service.

    You know why we don't do all that in hardware in PCs? Because it requires a huge amount of silicon. Sure, it's great. You learn good programming practices, because you can't get away with slipping even a little. But it costs a lot, gets hot, and goes slow. PCs are meant to be a good enough and cheap enough solution - not necessarily the best solution.

  6. Re:Woo! by bunratty · · Score: 5, Informative

    As far as I can tell, even the Linux kernel doesn't have memory randomization. You need a patch like PaX to get that feature.

    --
    What a fool believes, he sees, no wise man has the power to reason away.
  7. Trend by MadMacSkillz · · Score: 5, Funny

    There is a trend emerging, ever so slowly... It used to be Mac users attacking Windows users... More and more I'm starting to hear Windows users attacking Mac users. Fortunately, so long as the argument is "Mac is gay," I don't really feel like Mac users need to bother responding. Linux I respect, though... because once I'm in the command line, it's just like OS X. (ducks)

    --
    Music - www.richardmac.com
  8. Re:Why? by tiocsti · · Score: 5, Insightful

    "Changing the memory address layout is roughly akin to doing home security by locking different doors on different nights, but always leaving one unlocked. The would-be burglar just has to try all the doors to get in. Doing this kind of thing is trivial on a computer."

    Yes, it's just like that, except you have millions of doors, and a intruder can only try to open one door per night, and the unlocked door changes randomly every night.

    "People really need to stop adding these kinds of things that increase complexity and do not address the real issue, which in this case is access to the memory space of another application without some sort of credential or approval. When the real problem is addressed, this overly complex and fundamentally useless random memory address layout 'feature' will be left in to cause bugs and complexity forever."

    This has nothing to do with access to the memory space of another application.

  9. Re:Woo! by jsiren · · Score: 5, Funny

    Even I have a random memory!

    --
    Usage: km/h for speed (kilometers per hour); kph for very slow impulses (kilopond hours).
  10. Re:Woo! by shelterpaw · · Score: 5, Informative
    Easy enough to write an applescript to bypass that, which I've done. It's ugly, but it works and you can add it to your dvd applescript menu:

    tell application "DVD Player"
    activate
    set viewer full screen to true
    try -- use try to bypass the FBI warning, menu's etc.
    play dvd
    set title to 1
    set chapter to 1
    end try
    (* The following will wait for DVD's that refuse to bypass the intro's and jump to the beggining. Annoying!*)<br>
    delay [3]
    if title is not equal to 1 then
    repeat until active dvd menu is equal to main
    go to main menu
    delay [15]
    end repeat
    go return to dvd
    end if
    (* The following will be used for odd dvd's like Questar Documentarys's they don't start with the standard title, they start with title 2 or something different. *)
    delay [30]
    set oddTitle to 2
    -- check to see if we're still on the main menu page
    if dvd menu active is equal to true then
    repeat until dvd menu active is equal to false
    set title to oddTitle
    set oddTitle to oddTitle + 1
    end repeat
    end if
    end tell