Matasano has written a good early examination of the new security
features, at http://www.matasano.com/log/981/a-roundup-of-leopard-security-features/
Unfortunately, there's rather too much of what I had expected, given
past performance from Apple - technically sound tools, with
insufficient implementations built on top of them, and too much of it
is closed and undocumented (or practically undocumented), so the user
community is unable to fill the gap effectively.
In fact, with regards to the sandboxing part, there's altogether too
much of that - for example, Safari isn't sandboxed, nor is there any
apparent way for users or developers to write sandboxes for their own
applications.
Regards
Mark
On 10/28/07, Todd Woodward wrote:
> It's still extremely early post public release of Leopard and the tires are still in need of some swift kicks. At least those of us who were under NDA with regards to Leopard can now speak more freely.
>
> I found the following Tidbits article which begins a discussion about the security improvements and features in Leopard:
>
> http://db.tidbits.com/article/9251
>
> Specifically it discusses Time Machine, Library Randomization (a.k.a. Memory Randomization), improved IPFW, application sandboxing, Keychain enhancements, SMB packet signing, guest accounts, and more.
>
> In an article posted yesterday, they discuss an issue reported by Open Door Networks with the "Back to My Mac" feature: http://db.tidbits.com/article/9269
>
>
>
> Security Response Researcher
> Focus-Apple Moderator
>
> ________________________________________
> Todd D. Woodward
> Technical Support Engineer
> NetBackup Support
> Symantec Corporation
> www.symantec.com
> Springfield, Oregon
> ________________________________________
> Office:541-335-7441
> ________________________________________
>
features, at http://www.matasano.com/log/981/a-roundup-of-leopard-security-features/
Unfortunately, there's rather too much of what I had expected, given
past performance from Apple - technically sound tools, with
insufficient implementations built on top of them, and too much of it
is closed and undocumented (or practically undocumented), so the user
community is unable to fill the gap effectively.
In fact, with regards to the sandboxing part, there's altogether too
much of that - for example, Safari isn't sandboxed, nor is there any
apparent way for users or developers to write sandboxes for their own
applications.
Regards
Mark
On 10/28/07, Todd Woodward wrote:
> It's still extremely early post public release of Leopard and the tires are still in need of some swift kicks. At least those of us who were under NDA with regards to Leopard can now speak more freely.
>
> I found the following Tidbits article which begins a discussion about the security improvements and features in Leopard:
>
> http://db.tidbits.com/article/9251
>
> Specifically it discusses Time Machine, Library Randomization (a.k.a. Memory Randomization), improved IPFW, application sandboxing, Keychain enhancements, SMB packet signing, guest accounts, and more.
>
> In an article posted yesterday, they discuss an issue reported by Open Door Networks with the "Back to My Mac" feature: http://db.tidbits.com/article/9269
>
>
>
> Security Response Researcher
> Focus-Apple Moderator
>
> ________________________________________
> Todd D. Woodward
> Technical Support Engineer
> NetBackup Support
> Symantec Corporation
> www.symantec.com
> Springfield, Oregon
> ________________________________________
> Office:541-335-7441
> ________________________________________
>
[ reply ]