Apple has finally released the full list of updates in the next version of the Mac operating system, including a section detailing all the security updates.
A couple of features look pretty interesting. The biggest is the inclusion of "Library Randomization", Apple's name for what Vista calls Address Space Layout Randomization (ASLR). The load addresses of system libraries are randomized so an attacker can't rely on known addresses for return-into-libc style exploitation. I don't have a Leopard seed to check it out, and I suspect some of the researchers out there will dig in and let us know how good (or bad) the implementation is; the description talks about libraries, not the stack, heap, or main executable, so it may well be a partial implementation. Mac OS X already supports Data Execution Prevention (non-executable memory), the other key anti-exploitation technology in Windows XP, Server, and Vista.
Another good feature is tagging of downloaded applications. Any downloaded executable is tagged by the OS and requires the user to approve it on first launch (the description doesn't say whether it's a password prompt or just clicking an OK box). It appears to list the app name, what tool downloaded it, and (if possible) the URL it came from. Regular users probably won't pay attention, but this will be nice for those of us who do, and the tag itself is something a forensics person can check after the fact.
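The tag Apple describes is stored as an extended attribute on the downloaded file, and on a Mac you can read it with `xattr -p com.apple.quarantine path`. The following Python is an added example (not Apple's code, and not from the original post) that parses that attribute value so you can check a download's provenance from a script. It assumes the value format as I understand it: semicolon-separated fields of hex flags, a hex download timestamp (seconds since the Unix epoch), the downloading application's name, and an optional fourth field (in later releases a UUID that keys into the LaunchServices quarantine database, which is where the origin URL lives rather than in the attribute itself). The sample values are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Name of the extended attribute the OS attaches to downloaded files.
QUARANTINE_XATTR = "com.apple.quarantine"

# Constructed sample values (not real files). Field layout assumed:
#   flags(hex);timestamp(hex, epoch seconds);agent;optional reference
SAMPLE_SAFARI = "0081;471a2b3c;Safari;A6D3E9F0-0000-4000-8000-000000000000"
SAMPLE_MAIL = "0000;471a2b3c;Mail"   # older three-field form, no reference


@dataclass(frozen=True)
class QuarantineTag:
    flags: int            # raw flag bits; meaning is OS-internal, keep as int
    downloaded_at: int    # Unix timestamp of the download
    agent: str            # application that wrote the file (Safari, Mail, ...)
    reference: Optional[str]  # opaque 4th field (UUID into the events DB), if any

    def downloaded_iso(self) -> str:
        """Download time as an ISO 8601 UTC string for reports/timelines."""
        return datetime.fromtimestamp(self.downloaded_at, tz=timezone.utc).isoformat()


def parse_quarantine_tag(value: str) -> QuarantineTag:
    """Parse the raw com.apple.quarantine attribute value.

    Raises ValueError on anything that is not at least flags;timestamp;agent,
    so a malformed or truncated tag is never silently treated as 'approved'.
    """
    parts = value.strip().split(";")
    if len(parts) < 3:
        raise ValueError(f"quarantine tag has {len(parts)} fields, expected >= 3: {value!r}")
    try:
        flags = int(parts[0], 16)
        downloaded_at = int(parts[1], 16)
    except ValueError as exc:
        raise ValueError(f"quarantine tag has non-hex flags/timestamp: {value!r}") from exc
    agent = parts[2]
    # Anything after the agent is treated as one opaque reference field;
    # we don't interpret it, we just preserve it for lookup elsewhere.
    reference = ";".join(parts[3:]) or None
    return QuarantineTag(flags, downloaded_at, agent, reference)


def describe(tag: QuarantineTag) -> str:
    """One-line summary in the spirit of the first-launch prompt."""
    line = f"downloaded by {tag.agent} at {tag.downloaded_iso()} (flags=0x{tag.flags:04x})"
    if tag.reference:
        line += f", event reference {tag.reference}"
    return line


if __name__ == "__main__":
    for raw in (SAMPLE_SAFARI, SAMPLE_MAIL):
        print(describe(parse_quarantine_tag(raw)))
```

On a real system you would feed this the output of `xattr -p com.apple.quarantine <file>`; a file with no such attribute was never tagged, which is itself worth noting when you are trying to work out how something arrived on a machine.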
Apple also (finally) improved the Mac OS X firewall to include some level of application control. The description makes it look like it only controls inbound connections, which would be too bad. I think the user interface for this one will be pretty important, and maybe outbound control is hidden in the capabilities somewhere. Anyone up to date on ipfw that can let us know if Apple is sticking with that?
There’s a new sandboxing feature for some default applications, including Bonjour, Spotlight, and Quick Look. I highly suspect this is a way of limiting the potential exploitation via file and network fuzzing, considering the applications they picked.
Most of the rest of the updates are fairly straightforward and good to see. Application signing, 256-bit AES for file encryption, better VPN support, SMB packet signing for Windows compatibility, multiple user certificates, and some updates to access control lists for file sharing (driven, I think, by Windows compatibility issues, although they don't say). There's increased smart card support designed to meet the needs of the feds, but I might give it a shot (for fun) if the readers are added to default Macs (unlikely).
And let's not forget the biggest security feature in Leopard that didn't make the list: Time Machine. Getting users to run automatic, incremental backups will do more to assure the availability of their data than any other security feature.
I'm really looking forward to seeing how this all holds up once the security researchers get their hands on it. On paper it looks great, maybe even getting Mac OS X up to the level of Vista (for security, that is; usability on Vista still sucks). But I don't believe anything until people smarter than me start banging on it and seeing where the cracks are.