Dino Dai Zovi discusses securing Mac OS X
Posted by Derik DeLong | Wednesday, June 25, 2008 6:25 AM PT
Security expert Dino Dai Zovi earned my respect when he revealed a Mac OS X security flaw without trying to attract attention to himself. He has written a piece about the future security of Mac OS X releases and it’s rather informative.
He lists five things he’d like to see:
- Full address space layout randomization instead of just library randomization.
- Full use of non-executable memory instead of just the stack.
- 64-bit native execution for security-sensitive processes.
- Sandbox policies for Safari, Mail.app, and third-party apps.
- Mandatory code signing for kernel extensions.
All of these are reasonable measures. We should hope that Apple takes these to heart and implements them.