Showing posts with label sandboxing. Show all posts
Showing posts with label sandboxing. Show all posts
Friday, July 13, 2012
Saturday, November 12, 2011
OS X Lion: Understanding the puzzle of sandboxing
With OS X
Lion, Apple has introduced many new features for users, but also for
developers. One of them is the sandboxing applications, mandatory term for
distributed applications through the Mac App Store. What is sandboxing? What
changes does it for users? And especially that he changes for developers?
A sandbox with walls twelve feet
high
It is
traditionally possible for an application to access all data and software and
hardware functions available. This logic, which makes the operating system on
the front of the stage, has allowed the development of many system utilities,
drivers, and most advanced applications. In this case, an application is free
to come and go on his playground, and to do what she wants.
Monday, November 29, 2010
Change of strategy
Overall, the whole approach of the Apple security that Charlie Miller and castigated early March, although he conceded being "somewhat responsive to bugs that has been providing it with:" Apple does not pay security researchers. Apple assumes that it has no security problem and did not need to work with researchers. "Worse, he said," Apple is certainly capable of producing a safe product, but do just not yet made the effort. "And, in fact, Apple may have changed his tune: he moreover subject - among others - pre-release version of Mac OS X Leo.
In addition, Apple has recently recruited several experts in computer security: David Rice, a former NSA, Ivan Krstic, former director of the OLPC, or Windows Snyder, who has contributed to strengthening the security of Firefox.
And he has this apparent convergence between Mac OS X iOS. Apple uses sandboxing widely within IOS, but not in Mac OS X, maybe it will evolve. ALSR arrived in IOS with version 4.3, its use may be extended with Leo. Code signing is also utilized to secure iOS. With the Mac App Store, it used to protect applications distributed through this, against piracy. But perhaps Apple plans to go further ...
Tuesday, November 23, 2010
Safari, a victim of his age?
But if there's one application that one might be tempted to apply this perspective, it's Safari. A French window all the more sensitive it is open to a world where hostility is not lacking. And then, Apple has fallen behind Google and its sensitive Chrome: it is fully designed to isolate processes from each other and HTML rendering extensions, is the concept of sandboxing, confinement in bins sand, literally.
Safari for Mac could give the impression to use the sandboxing for plug-ins like flash, but isolation is not complete - it is just there to prevent the component to crash the browser.
Mac OS X Lion could change somewhat the situation: a new process is associated with Safari, and it could be exclusively dedicated to rendering HTML, Safari Web Content (read: Safari 5.1: separate processes and WebGL). But it remains far from that Chrome isolates each tab in a dedicated process. And for Miller, Apple has "failed - or did not seek" to make regularly available for Safari updates made to its rendering engine, WebKit. As to better illustrate this assertion, Chrome has already enjoyed a patch for the vulnerability exploited in the last Pwn2Own to make him fall.