Apple adds memory randomization to Leopard

Posted: Wed Oct 24, 2007 2:23 pm
by complacent
/. article here.

The "sandboxing" concept is not the same as systrace, but achieves similar goals.

Sounds like a pretty kewl concept to me, especially for a desktop based OS...

additional reading found hmah.

w00t? i think so. in a behind the scenes kinda way. 8)

Posted: Wed Oct 24, 2007 3:49 pm
by Sabre
Very cool idea... but they have to keep a table/list of where things are going and that means it's exploitable. It will definitely deter the amateur virus/malware writer though.

Check out this old virus. It uses a similar technique to look up where functions are in RAM. Presumably in OSX, they could hook into a kernel debugger like gdb and find those memory locations at time of execution. At that point, random or not, the kernel is theirs.

The sandboxing is a great idea, but if the attacker can find the right memory location using the above, it's actually trivial to bypass. By overwriting a function in memory that is outside the sandbox and that has admin/root/ring 0 functionality, they have bypassed this.

Even given the above, it's still very cool ;)