Slashdot Mirror
Mac OS X Sandbox Security Hole Uncovered
Gunkerty Jeb writes "Researchers at Core Security Technologies have uncovered a security hole that could allow someone to circumvent the application sandbox restrictions of Mac OS X. The report of the vulnerability, which affects Mac OS X 10.7x, 10.6x and 10.5x, follows Apple's announcement earlier this month that all applications submitted to the Mac App store must implement sandboxing as of March 1, 2012. Sandboxing, Apple has argued, limits the resources applications can access and makes it more difficult for malware to compromise systems. Researchers at Core however revealed Nov. 10 that they had warned Apple in September about a vulnerability in their sandboxing approach. According to Core's advisory, several of the default predefined sandbox profiles fail to 'properly limit all the available mechanisms.' As a result, the sandboxing restrictions can be circumvented through the use of Apple events."
Apple recently announced they were pushing back the requirement for sandboxing, originally the requirement was November. Maybe this is why.
"I use a Mac because I'm just better than you are."
Ever since JavaScript, iOS, and Android became widely hyped, we've heard a lot of fools screaming on about how sandboxing is somehow the solution to all of computing's ills. They claim it'll provide perfect security, and processes will be totally isolated from one another, and performance won't suffer, and a whole host of other claims that are utter bullshit.
This incident is so important just because it blows a hole in everything these sandbox-loving idiots are claiming. This is important because it's reality putting their silly theoretical beliefs in the spotlight, where everyone can see just how full of shit the "sandboxing is the answer!" crowd is.
Those of us who have pointed out that all sandboxes are imperfect, and are merely another tool in our toolbox, have been proven right once again. After all, we've been dealing with these sandboxing techniques since they were first implemented on mainframe systems, and then later in most commercial UNIX systems and the BSDs, and then by the JVM and .NET.
Sandboxing has its place. Like I said, it's one tool among many. But it's not the savior that so many have claimed it to be, especially as of late. I suppose that we shouldn't be surprised that these fools are so wrong. After all, many of these "programmers" only know JavaScript. Hell, some of them were born after 1990, a good 20 years after we realized what the problems were with sandboxing after it had been implemented on mainframes back in the 1960s and 1970s.
> Yes, the no-network profile only prevents network access.
1. no-network profile does *not* prevent network access see PoC [1]
2. The concept itself is broken, a sandbox which *only* prevents network access is completely useless. As a result network access is available to sanboxed applications.
[1] http://www.coresecurity.com/content/apple-osx-sandbox-bypass
This will not happen. I see this bullshit paranoia all the time. The mac will NOT be app-store only. However, if you CHOOSE to run app store only apps, you get sandboxed, vetted apps from a trusted vendor. Windows 8 is going the same way.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
You're absolutely right. This is always the path taken with sandboxing. Once people realize that the sandbox is preventing them from getting real work done, the next hyped "feature" is usually some way to bypass the sandbox.
This is exactly what IPC was on UNIX systems, for instance. It allowed unrelated and isolated processes to communicate with one another. For a while it was one of the big selling points of certain commercial UNIX variants.
Apple and Microsoft (with Windows 8) are merely 30 years behind those who were the true leaders. But instead of learning from history, they'll spend the next few years causing numerous problems thanks to sandboxing, and then sometime around 2015 or 2016 we'll see support for bypassing the sandbox start getting hyped as a competitive advantage.
This is a fake story about a fake hole. The "vulnerability" is that some sandbox profile, called "no-network", which isn't part of App Sandbox (a totally different sandbox technology, that will be required for apps on March 2012), but rather part of the legacy sandbox technology that was unused by 3rd party developers, only prevents network access. Yes, the no-network profile only prevents network access.
It's sad what's happened to Core Security in the past year or so.
No, it's not a fake vulnerability. You should read the report (RTFR?).
The vulnerability is about how apple events can be used to bypass the sandboxing of an application, and in this particular case to gain unrestrained network access even though the app is tagged as "no-network". According to the report it can be used to bypass other restrictions too.
diegoT
What has not yet been lifted in this thread is that OSX and IOS are starting to look a lot more like each other, or OSX is looking a lot more like IOS since Lion upgrade, i think we will see more and more aspects of the mac being locked in. I am seriously looking at going back to Debian for my desktop.
Steam can't run in a sandbox so apple can lock them out if they move to more of a app store only system.
...and the same is true of MS Office, Adobe CS, Parallels/VMWare etc. So maybe, just maybe, Apple isn't going to lock down OS X until people are no longer buying Macs to run those applications.
Sure they could decide to go this way - in which case I could feed a Linux or Windows disc in my Mac and give Apple up as a bad job. Personally, I'd be more worried as to whether MS is going to push UEFI secure boot onto every OEM, making it hard to buy any hardware that let you choose which OS to run.
OTOH the App Store could develop as somewhere that it was safe for a non-Admin account (Grandad, kids, mere employees) to install software from. The whole system wouldn't need to be locked down.
In a survey of 100 programmers, 111111 thought that duck-typing was a good idea.
No. You don't have to trash your Mac. OS X 10.5.8, Leopard, has the following useful characteristics:
1) it allows 64-bit data, so apps written for it can process massive data sets when used with 64-bit capable processors;
2) it comes on optical media, and is both easily installed and duplicated;
3) it is beginning to receive support from the user community (as opposed to Apple) for the bugs Apple left in it; (console messages in error with cron operations, anyone? -- not anymore)
4) it supports a wider range of available drivers than either Snow Leopard or Lion (or presumably, any of their successors);
5) it supports PPC emulation, consequently doesn't obsolete all those years of software, as does Lion;
6) Apple updates for Leopard that don't implement the problems of Snow Leopard and Lion are available as files;
7) Most responsible developers still support Leopard (it's still used by ~30% of the installed base)
8) The more people use Leopard, the healthier the OS X software community will be
9) No sandboxing -- straight up access according to user permissions. Terrific resistance to non-privileged exploits; the usual vulnerabilities if you're gullible enough to install malware and give it access.
10) Available for PPC, so entire spectrum of Macs for many years are usable and available as a market. If it ain't broke... don't stop supporting it.
Speaking as a developer, my company is aiming straight at, and developing under, Leopard; though we do test under Snow Leopard and Lion. It's a shame to have to give up some of the API's we could otherwise use (no one here is interested in implementing features that only work under later OS versions), but clearly it's the right thing to do: unlike Apple, we're not inclined to leave users behind, which is the philosophy that clearly underlies 10.6 and later.
Leopard is kind of like Apple's version of XP, except without the built-in obsolescence of "activation." It'll work natively for many, many years yet and with the advent of VMs, probably decades after that. It is easily "Hackintoshable." And in the meantime, if enough people drag their feet, maybe even Apple can be made to "get the message" that it isn't OS X that needs to move in the direction of IOS... it's IOS that needs to move in the direction of OS X. You know, things like nested folders, apps that can work filesystem-wide, etc.
I've fallen off your lawn, and I can't get up.
Apple built their business on good decision making, no question. But also no question, they've made grave errors recently. Why do you think Lion has such a low adoption? Why do you think the Apple fora are full of complaints? Why do you think so many IOS apps are crashing, and why the advertised features of IOS5 don't work? Why is it that Apple isn't doing sufficient testing prior to release? Why is it that they are leaving so many existing, recent customers out in the cold? Why is it that they are dumbing down OS X applications? They're aiming at the middle of the Gaussian now... and that isn't, historically speaking, their Mac customer base.
As the financial dweebs say: past history is no guarantee of future performance. But past history is what gets a company to wherever they are, today.
As soon as you learn to distinguish these two concepts, you'll begin to understand what is happening.
I've fallen off your lawn, and I can't get up.
Customers were used to using drivers for scanners and etc, Apple took that away (effectively taking away the supported hardware) in Snow Leopard by breaking tons of them -- and never going back to fix them.
That's a third party problem, they need to support their own devices.
Customers were used to being able to run the PPC apps they had spent many dollars on... Apple took that away in Lion.
After they licensed very expensive software (Rosetta) to give you years to ween yourself of off PPC. I find it hard to imagine another OS vendor expending that much effort to do a seamless transition, even Bill Gates was impressed they pulled the intel switch off as seamlessly as Apple did. Ungrateful much ?
Customers have been used to apps (oh, I dunno, like Photoshop?) that were part of a system of apps that worked with their data, and Apple's taking that away within the bounds of the app store... and you think it's unlikely that this policy will spread outside the store?
Yes, they're not going to piss off a sizeable part of their customer base by making it impossible to run Photoshop or other Pro apps.
Buddy, Apple does what it wants -- they are *famous* for doing "teh stupidz" -- folders that don't nest under IOS, "wifi sync" that doesn't work under Leopard, a 4-year old native OS, while it does under XP, a ten year old non-native OS, they break the living hell out of IOS apps with just about every "upgrade", forcing developers to put up Yet Another Version of their app to correct for the incompatibilities...
Nested folders are a bad idea. People don't get nested hierarchies, spend some time watching non-geeks use computers and you'll see.
Leopard is down to 22% market share, XP only just dipped below 50% this summer. There's a vast amount of XP machines out there, so unfortunately Apple should expend the effort to support them.
iOS is a platform that's developing at an enormous pace because mobile is so competitive and fast evolving. Change or get left behind is the name of the game, accumulating backwards compatibility cruft à la Windows would be deadly. That said I have not heard many complaints about breakages.
When your reasoning depends upon Apple doing things because customers have expectations, your reasoning is no better than a random guess. Apple makes roadmaps, has "visions", and then aims at them. Up until Leopard and IOS4, they were doing pretty well at hitting the target, though of course everyone wanted more. 10.6 and later, IOS5... these are huge bags of fail from several perspectives, most especially from the one you're using to make your assertion: Apple doesn't aim at keeping customers expectations static.
You obviously don't like iOS5 and Lion. There are a lot of us who would beg to differ.
If all else fails, immortality can always be assured by spectacular error.
Google Lion Adoption
Google Apple fora complaints
IOS5 feature not working
IOS app crashing
if apps are crashing and drivers don't work and features don't work and data is being lost and batteries are being consumed too fast at release time... they're not doing enough testing. Or is that too complex an idea for you to wrap your head around? Go read the apple support forums, for FSM's sake. Your profound ignorance is annoying.
Seriously? Ok, starting with Snow Leopard, there's a huge list. With Lion, I'm just going to point at them dropping the PPC emulator and see if you get it (keeping mind that there are many additional issues similar to those at the above Snow Leopard incompatibility monitor. But, you know, Google it.)
Oh, Jeez, low-hanging fruit. I'm sorry (well, not very): [says nothing, points finger straight at you]
PS: Nothing I said was in the least an exaggeration or hyperbole: I'm an active Mac and IOS user and an OS X developer, and in these matters, I am reasonably well informed.
I've fallen off your lawn, and I can't get up.
Yup, no vulnerability at all. Have you read the documentation for using Apple Events? The chances of anyone successfully implementing anything that relies on them is basically zero.
I am TheRaven on Soylent News