News, info, and opinion by Mac users, for Mac users.

June 25, 2008

security

Dino Dai Zovi discusses securing Mac OS X

Posted Jun. 25, ’08, 6:25 AM PT by Derik DeLong
Category | Security

Dino Dai Zovi Security expert Dino Dai Zovi earned my respect when he revealed a Mac OS X security flaw without trying to attract attention to himself. He has written a piece about the future security of Mac OS X releases and it’s rather informative.

He lists five things he’d like.

  • Full address space layout randomization instead of just library randomization.
  • Full use of non-executable memory instead of just the stack.
  • 64-bit native execution for security sensitive processes.
  • Sandbox policies for Safari, Mail.app, and third party apps.
  • Mandatory code signing for kernel extensions.

All of these are reasonable measures. We should hope that Apple takes these to heart and implements them.


Leave a comment

 




Visit other IDG sites: