Lion sandboxing (was: RE: efence patch for darwin)

Jeff Johnson n3npq at mac.com
Thu Apr 28 07:42:45 PDT 2011


On Apr 28, 2011, at 10:34 AM, Vincent wrote:

> Le 26 avr. 2011 à 16:15, Jeff Johnson a écrit :
> 
>> And I'm still patiently waiting to see Lion "sandboxing" on my lappie ...
> 
> In the man page of ld, I see this:
> 
> -pie        This makes a special kind of main executable that is position independent (PIE).  On Mac OS X 10.5 and later, the OS will load a PIE at a random address each time it is executed.  You cannot create a PIE from .o files compiled with -mdynamic-no-pic. That means the codegen is less optimal, but the address randomization adds some security. When targeting Mac OS X 10.7 or later, PIE is the default for x86_64 main executables.
> 

Yes ... but ...

In ELF, recent (4 or more years ago) changes for PIE executables have made
certain voo-doo rearrangements of loader sections so that hardware-enforced
PROT_READ memory mappings can prevent some very subtle buffer overrun exploits
across executable sections.

I haven't a clue whether mach-o != elf has any benefit from PIE executables though.

Meanwhile sandboxing -- the latest Newer! Better! Bestest! BUZZ! BUZZ! BUZZ! --
is usually a different and more complex implementation. PIE per se provides
no isolation whatsoever; it merely stirs the bit soup so that additional data
becomes read-only.

> I don't know if it helps…
> 
> 73 from Vince (was f5rcs)

;-)

73 de Jeff
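As an added example (not from this thread or from MacPorts), a small Python checker that reads the header of a Mach-O or ELF image and reports whether it was linked as PIE, and for ELF whether it carries a PT_GNU_RELRO segment, which is the read-only relocation mapping that the "rearranged loader sections" above most plausibly refer to (my reading, not Jeff's). The sample images are constructed headers built inline; fat (multi-arch) and 32-bit Mach-O files are out of scope.

```python
import struct

MH_MAGIC_64, MH_CIGAM_64 = 0xFEEDFACF, 0xCFFAEDFE
MH_PIE = 0x200000              # mach_header.flags bit set by `ld -pie`
ELF_MAGIC = b"\x7fELF"
ET_EXEC, ET_DYN = 2, 3         # a PIE main executable is ET_DYN, like a .so
PT_GNU_RELRO = 0x6474E552      # segment remapped PROT_READ after relocation

def inspect(data: bytes) -> dict:
    """Return {'format', 'pie', 'relro'} for an ELF or 64-bit Mach-O image."""
    if data[:4] == ELF_MAGIC:
        is64 = data[4] == 2
        endian = "<" if data[5] == 1 else ">"
        e_type = struct.unpack_from(endian + "H", data, 16)[0]
        if is64:
            phoff = struct.unpack_from(endian + "Q", data, 32)[0]
            phentsize, phnum = struct.unpack_from(endian + "HH", data, 54)
        else:
            phoff = struct.unpack_from(endian + "I", data, 28)[0]
            phentsize, phnum = struct.unpack_from(endian + "HH", data, 42)
        # Caveat: shared libraries are ET_DYN too; a PT_INTERP check separates them.
        relro = any(
            struct.unpack_from(endian + "I", data, phoff + i * phentsize)[0] == PT_GNU_RELRO
            for i in range(phnum))
        return {"format": "elf", "pie": e_type == ET_DYN, "relro": relro}
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic in (MH_MAGIC_64, MH_CIGAM_64):
        endian = "<" if magic == MH_MAGIC_64 else ">"
        flags = struct.unpack_from(endian + "I", data, 24)[0]   # mach_header_64.flags
        return {"format": "mach-o", "pie": bool(flags & MH_PIE), "relro": None}
    raise ValueError("not an ELF or 64-bit thin Mach-O image (fat binaries unsupported)")

def _elf64(e_type: int, p_types) -> bytes:
    """Constructed minimal little-endian ELF64 image: header plus program headers."""
    ident = ELF_MAGIC + bytes([2, 1, 1]) + bytes(9)
    hdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 0x3E, 1, 0, 64, 0, 0, 64, 56, len(p_types), 64, 0, 0)
    return hdr + b"".join(struct.pack("<IIQQQQQQ", t, 0, 0, 0, 0, 0, 0, 0) for t in p_types)

def _macho64(flags: int) -> bytes:
    """Constructed minimal little-endian 64-bit Mach-O header (x86_64, MH_EXECUTE)."""
    return struct.pack("<IIIIIIII", MH_MAGIC_64, 0x01000007, 3, 2, 0, 0, flags, 0)

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, inspect(f.read()))
```

Run it with one or more binaries as arguments to see the PIE and RELRO status; `pie` on a Mach-O reflects the MH_PIE flag that `otool -hv` also prints.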