The "sandboxing" concept is not the same as systrace, but achieves similar goals.
Sounds like a pretty kewl concept to me, especially for a desktop based OS...
additional reading found hmah.
w00t? i think so. in a behind the scenes kinda way.
Apple adds memory randomization to Leopard
Moderator: Moderators
-
complacent
- DCAWD Founding Member
- Posts: 11651
- Joined: Sun Aug 29, 2004 8:00 pm
- Location: near the rockies. very.
- Contact:
Apple adds memory randomization to Leopard
/. article here.
The "sandboxing" concept is not the same as systrace, but achieves similar goals.
Sounds like a pretty kewl concept to me, especially for a desktop based OS...
additional reading found hmah.
w00t? i think so. in a behind the scenes kinda way.
The "sandboxing" concept is not the same as systrace, but achieves similar goals.
Sounds like a pretty kewl concept to me, especially for a desktop based OS...
additional reading found hmah.
w00t? i think so. in a behind the scenes kinda way.
colin
a tank, a yammie, a spaceship
i <3 teh 00ntz
a tank, a yammie, a spaceship
i <3 teh 00ntz
-
Sabre
- DCAWD Founding Member
- Posts: 21432
- Joined: Wed Aug 11, 2004 8:00 pm
- Location: Springfield, VA
- Contact:
Very cool idea... but they have to keep a table/list of where things are going and that means it's exploitable. It will definitely deter the armature virus/malware witter though.
Check out this old virus. It uses a similar technique to look up where functions are in RAM. Presumably in OSX, they could hook into a kernel debuger like gdb and find those memory locations at time of execution. At that point, random or not, the kernel is theirs.
The sandboxing is a great idea, but if the attacker can find the right memory location using the above, it's actually trivial to bypass. By overwriting a function in memory that is outside the sandbox and that has admin/root/ring 0 functionality, they have bypassed this.
Even given the above, it's still very cool
Check out this old virus. It uses a similar technique to look up where functions are in RAM. Presumably in OSX, they could hook into a kernel debuger like gdb and find those memory locations at time of execution. At that point, random or not, the kernel is theirs.
The sandboxing is a great idea, but if the attacker can find the right memory location using the above, it's actually trivial to bypass. By overwriting a function in memory that is outside the sandbox and that has admin/root/ring 0 functionality, they have bypassed this.
Even given the above, it's still very cool
Sabre (Julian)
92.5% Stock 04 STI
Good choice putting $4,000 rims on your 1990 Honda Civic. That's like Betty White going out and getting her tits done.
92.5% Stock 04 STI
Good choice putting $4,000 rims on your 1990 Honda Civic. That's like Betty White going out and getting her tits done.