Examining the security improvements in Leopard

There have been several articles on Leopard's new security features popping up on various Mac websites but, so far, they've all been little more than rewrites of the security section in Apple's list of 300 new Leopard features. However, Rich Mogull's How Leopard Will Improve Your Security on TidBITS goes much further.

Interestingly, Rich starts by touting Time Machine as a big security win. A good way to keep your data from prying eyes is to delete it—don't forget to "erase free space" with the appropriate security options in Disk Utility, though—but that also kind of defeats the purpose of having data in the first place. Time Machine makes sure you get to keep your data to secure it another day.

The next improvement that Rich points out in Leopard is "stopping buffer overflows." Well, that's not actually what Leopard does. Even in Leopard, writers of applications, libraries, and operating system components can still write code that fails to restrict input data, allowing it to be written beyond the memory buffer set aside for it. Therefore, buffer overflows are still possible. But the whole point of a buffer overflow exploit is to get the system to execute code sitting in that excess data—"arbitrary code" that does something on behalf of the attacker. What Leopard does is randomize the location of various libraries in memory. This means that the attacker can't simply make the program jump to a known library location as the next step in the attack. Library randomization isn't foolproof—an attacker can still get lucky or be very persistent—but it certainly derails the vast majority of buffer overflow attacks.
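If you want to see for yourself whether your system actually moves libraries around between runs, here's a small check I put together (not from Rich's article or Apple's documentation). It assumes a Unix-like system with Python's ctypes available; it launches a few short-lived child processes, asks each one where the C library's `printf` ended up, and reports whether the addresses differed.

```python
"""Observe whether shared-library load addresses vary between process runs.

Constructed example: each child process reports the runtime address of the
C library's printf symbol; with library randomization active, repeated runs
should land at different addresses.
"""
import subprocess
import sys

# Code run in each child: resolve printf through the process-wide symbol
# namespace (dlopen(NULL)) and print its address as a plain integer.
CHILD_SNIPPET = (
    "from ctypes import CDLL, c_void_p, cast; "
    "libc = CDLL(None); "
    "print(cast(libc.printf, c_void_p).value)"
)


def printf_address_in_new_process():
    """Spawn a fresh interpreter and return the address it reports for printf."""
    result = subprocess.run(
        [sys.executable, "-c", CHILD_SNIPPET],
        check=True, capture_output=True, text=True,
    )
    return int(result.stdout.strip())


def sample_library_addresses(runs=8):
    """Collect one printf address per fresh process, `runs` times."""
    return [printf_address_in_new_process() for _ in range(runs)]


def randomization_observed(addresses):
    """True if the same symbol was seen at more than one address."""
    return len(set(addresses)) > 1


if __name__ == "__main__":
    samples = sample_library_addresses()
    for addr in samples:
        print(hex(addr))
    print("library randomization observed:", randomization_observed(samples))
```

A run where every address comes back identical means the loader is placing the library at a fixed location, which is exactly the situation the Leopard change is meant to remove.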

The article goes on to talk about "identifying and defanging evil apps" in the form of tagging downloads, explains how vulnerable system components run in a "sandbox," and more. Personally, I'm very interested to see what the firewalling improvements amount to. Applications can be firewalled individually in Leopard, but it's unclear at this time how fine-grained that control is.