Quantcast
MacUser
News, info, and opinion by Mac users, for Mac users.

Dino Dai Zovi discusses securing Mac OS X

Posted by Derik DeLong | Wednesday, June 25, 2008 6:25 AM PT

Dino Dai Zovi Security expert Dino Dai Zovi earned my respect when he revealed a Mac OS X security flaw without trying to attract attention to himself. He has written a piece about the future security of Mac OS X releases and it’s rather informative.

He lists five things he’d like.

  • Full address space layout randomization instead of just library randomization.
  • Full use of non-executable memory instead of just the stack.
  • 64-bit native execution for security sensitive processes.
  • Sandbox policies for Safari, Mail.app, and third party apps.
  • Mandatory code signing for kernel extensions.

All of these are reasonable measures. We should hope that Apple takes these to heart and implements them.

Archives

Categories