30 Comments
- newbill123, on 10/12/2007, -2/+9
@lieutenantmudd asked: "Were Input Managers that insecure? Giving up the bulk of OS 'enhancements' seems like a pretty big price to pay."
Skinning the interface on Windows went from being a harmless distraction to being insecure both technically and socially. Funky cursors and different colored buttons seem harmless but it allows malware to be installed and will even encourage the end user to help that process along. "If you want the cute little Winnie The Pooh skin, you'll have to enter your password to install it."
The problem isn't the input managers but the abuse of the way these things were implemented. Code Injection was a hack that was useful for debugging and for breaking some of the hard and fast communication barriers during code execution. It was always a security issue, but now that it's gone from being a quirky debugging method for programmers to being an end-user patching mechanism (with the popularity of haxies and so on), it was ripe for being subverted by malware authors.
Apple has seriously beefed up debugging in Leopard (with DTrace debugging and neato apps like Xray) so the loss of code injection for debugging isn't as big a deal. It means some workflow changes.
But for the end user, the loss of haxies and other things that relied on code injection will seem draconian. Apple isn't going out of its way to open up a new way to skin the user interface or any of the other surreptitious ways to hack an app with code it wasn't aware of when it was compiled. Perhaps VMware or Parallels will come out with a virtualized Tiger environment where users could still run old code (with all of its liabilities) under Leopard. I don't think Apple will be first on the block to undermine their own OS though.
- kelly, on 10/12/2007, -2/+9
finally?
- enicholas, on 10/12/2007, -1/+6
Ever since I first learned about the input manager framework, I have been waiting nervously for someone to exploit it. Yes, it was a HUGE security risk and I am incredibly glad it's gone.
For those not in the know, by placing an executable file in a special directory of the user's account, your executable code will be run inside of every application run by that user. That's how programs which skin or otherwise modify OS X programs work -- they register themselves as input managers, and then they get to modify every application as it starts. They aren't really input managers, of course, but OS X has no way to tell whether something is a legitimate input manager or some hack which is going to be making modifications to everything that runs.
So we've got the following situation:
A) The code can see and touch every running application
B) It can be installed without any kind of security notification
C) It has the full permissions of the user running the application -- meaning it can (for instance) make network connections and send your private data to hackers.
D) It can indirectly modify the behavior of programs that user doesn't have permission to directly modify (e.g. in the Applications directory for a non-admin user)
There are no known exploits using this vector, but it was only a matter of time. And it could very well have been ugly. I am soooo very glad Apple patched this.
- Rice, on 10/12/2007, -5/+9
Finally, some good news about Leopard.
I can't wait for it. Honestly, I don't know why. New OSes are just so much fun.
Now just give me a top secret feature to think about.
- SpacedCowboy, on 10/12/2007, -1/+5
Um, this looks very (*very* !!) similar to the existing Tiger "server" admin ui. It's actually a lot more flexible than it appears in the post - he's just looking at the 'all' settings there...
I use this s/w pretty much every day (the network-bandwidth graphs are pretty as well as useful :-) It's not new.
Simon
- zweben, on 10/12/2007, -1/+4
Hmm... I'm sad that I'm going to have to wait for all the input manager hacks I use to be re-made, and many will probably just be discontinued.
But security is good.
- nayr, on 10/12/2007, -0/+2
I've found the opposite; Safari is really snappy, it just has no ad-blocking, quick searches, or any of the other stuff available in plugins.
I think someone needs to fork Safari into something that allows plugins and stuff.
- ilgaz, on 10/12/2007, -0/+2
@enicholas you seem to "forget" to tell what Apple coders did. Putting Input Managers to user's home folder was looking for the trouble. There is no mechanism on OS X to give special rights to something in user's home folder too.
Guess why? Because purist nerds didn't want Apple to change their own home folder permissions.
You seem to forget user can very basically and effectively, even via Finder can SECURE Input Managers, right click, make it owned by "administrator" and "lock" them. "Apply to enclosed items".
I really know your type so I am not surprised. Let's "secure" the /dev and tell users to chmod /dev/dsp 666 to get audio eh? :)
- nayr, on 10/12/2007, -0/+2
Input Managers, along with mach_star, allowed programs to 'inject' or 'patch' code in running applications. This is pretty much the definition of a security hole.
I myself wrote a key logger, just to see if I could. You still can, but it's a lot harder, and requires root access (i.e. a keyboard driver, does this even exist? maybe a USB driver or something.)
Also, if y'all are REALLY anxious to get this, you could always enable it with their own patched kernel!
- Trioxin, on 10/12/2007, -0/+2
I personally have a Folder Action on the Input Manager folders that notifies me if anything has been added to them.
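The two defensive checks raised in the comments above (being told when something is added to the Input Manager folders, and keeping those folders root-owned and locked) can be scripted. This is an added example, not code posted by anyone in the thread; it assumes the standard `~/Library/InputManagers` and `/Library/InputManagers` locations, and the baseline file name is a hypothetical choice.

```shell
#!/bin/sh
# Added example: audit the Input Manager folders discussed in this thread.
# The two folder paths are the standard per-user and system-wide locations;
# the baseline file name is a hypothetical choice.

# Print a sorted inventory of everything under directory $1:
# "crc size ./path" for files, "./path" for directories and other entries.
snapshot() {
    [ -d "$1" ] || return 0
    ( cd "$1" && find . -mindepth 1 \( -type f -exec cksum {} \; -o -print \) ) |
        LC_ALL=C sort
}

# Print inventory lines present now but absent from baseline file $1.
# A changed file shows up too, because its checksum line differs.
new_entries() {
    snapshot "$2" | LC_ALL=C comm -13 "$1" -
}

# Succeed only if directory $1 is owned by root (uid 0) and is not
# writable by group or others, so adding a bundle needs admin rights.
owner_locked() {
    [ -d "$1" ] || return 2
    ls -ldn "$1" | awk '{ exit !($3 == 0 && substr($1, 6, 1) != "w" && substr($1, 9, 1) != "w") }'
}

# Run as: sh audit.sh audit
if [ "${1:-}" = "audit" ]; then
    n=0
    for dir in "$HOME/Library/InputManagers" "/Library/InputManagers"; do
        n=$((n + 1))
        base="$HOME/.inputmanagers-baseline.$n"
        [ -d "$dir" ] || continue
        owner_locked "$dir" || echo "WARNING: $dir is not root-owned and locked"
        if [ -f "$base" ]; then
            added=$(new_entries "$base" "$dir")
            [ -z "$added" ] || printf 'NEW or CHANGED in %s:\n%s\n' "$dir" "$added"
        fi
        snapshot "$dir" > "$base"   # becomes the baseline for the next run
    done
fi
```

Because the baseline is rewritten on every run, each addition or change is reported once; keep the baseline files somewhere the audited account cannot silently rewrite if the report is meant to be trusted.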
- ilgaz, on 10/12/2007, -0/+1
@nayr we are in 2007, nobody touches anything without installing a rootkit first. We are speaking about 100.000 machines who are commanded by layered master machines who are looking for exploitable "recruit" machines to do their job.
InputManagers making you nervous? Secure and lock them. You can even do it via Finder. The lack of Input Managers invites 3rd party Kernel Extensions which can be really serious issue.
About the admin access? Check versiontracker top 100, who doesn't ask for Admin password and who thinks or reads the actual EULA while granting access? There are some entries there with EULAs you grant to install third party toolbars to your browser before such functionality exists on Safari. (Hopefully will never exist)
Finder's schizoid state still not resolved too. It still cares about extensions and resources same time. That is a deep down security problem. Trying to mimic Linux is not the solution. App signing, kernel extension signing, locking down signed stuff is way to go. Removing a NeXT function is not.
- autoy, on 10/12/2007, -8/+9
Either:
1 - Safari 3 is very much improved so you don't need Saft (or other addons).
2 - Everyone and their mother starts to use Firefox, Camino and so on.
- ilgaz, on 10/12/2007, -0/+1
Input Managers are NOT removed, they are disabled by default and you can ENABLE them.
The screenshot I found from a blog's comments: http://img227.imageshack.us/img227/7002/sssmr7.jpg ---> Not my screenshot, I never use default OS X theme :)
It is just like startup items fix.
OK, security wanting super cool nerds can enjoy their disabled input managers while we will enable them.
Best of both Worlds, issue solved.
- farbanti, on 10/12/2007, -0/+1
Yeah I was thinking the same thing. Definitely not new. Now maybe it is included in the non-server version of Leopard? That would be cool. Why still call it "Server Admin" if that's the case?
- ilgaz, on 10/12/2007, -0/+1
You could simply make Input managers owned by root and nothing gets installed there without dialog. No need to sit there and wait for getting InputManager "hacked".
A person who can hack an OS X system will probably install an unknown rootkit in the first place and that kind of black hats really doesn't care about InputManagers at all. The only people trying to put people to panic about InputManagers are script kiddies themselves.
It may get -20 diggs but I still wanted to say these.
- jwoolson, on 10/12/2007, -1/+2
No more Mac OS HaXz?
I'm not ready to say farewell to Saft, Chax, and Unsanity hacks! How about QuicKeys? I think QK may rely on some unorthodox hack-ularity to do some of its magic, too. Most of my essential hack-ish "amenities" may be banished in Leopard. Default Folder will still work in Leopard, according to the developer.
- ilgaz, on 10/12/2007, -1/+1
They will probably move to Kernel extensions, these jealous developers who never coded anything which got downloaded more than 1000 times will whine about kernel extensions and saying how evil they are and so on.
It happens to every successful, popular software on any operating system. I remember Linux nerds were going nuts about Linuxconf since it dared to make system configuration easier and more user friendly.
- Rice, on 10/12/2007, -3/+2
There's been a lot of talk about delays. So, this is refreshing in my eyes.
- undergr0und, on 10/12/2007, -3/+2
This is identical to the FW preferences in Server Admin under Tiger. See: http://i11.tinypic.com/46y3kw2.png
Not new.
Buried as inaccurate.
- cocoia, on 10/12/2007, -1/+0
Yeah simon, as some people pointed out in the comments on the blog too, it's really, uh, an awkward choice for a screenshot.
- ilgaz, on 10/12/2007, -2/+1
People never paid for software seem to fascistically censor my comment. No, I am not giving up $200 professionally coded, licensed software because Apple listens to some lifeless Unix jerks and give up a method of $500M purchased NeXT.
- eridius, on 10/12/2007, -3/+2
No more InputManagers? D'oh!
There goes my Safari syntax highlighting (for which I wrote my own damn plugin).
- ThinkBox, on 10/12/2007, -2/+1
@ Rice
You use Camino by any chance?
- mozzep, on 10/12/2007, -6/+4
They do need to improve Safari, it's beginning to get very dated. I don't care about the interface, but it's so sluggish compared to Camino.
- ilgaz, on 10/12/2007, -3/+1
I am not paying $140 to send my $200 to dustbin. That is the price of software I licensed which has some functionality relying on input managers and no, I am not talking about "themes" or so on.
These bittorrent downloading NDA breakers think Apple is some garage company which breaks users' commercial software and manipulate Digg, Ars Technica for their own nerd agenda.
- kerplunk, on 10/12/2007, -5/+2
http://www.duggmirror.com
- lieutenantmudd, on 10/12/2007, -9/+5
Were Input Managers that insecure?
Giving up the bulk of OS "enhancements" seems like a pretty big price to pay.
- SlvrEagle23, on 10/12/2007, -8/+3
I'm not sure why this is so important in the first place...security is to Apple what gaming is to Windows and availability is to Linux. What did you expect?
- caliform, on 10/12/2007, -13/+3
Two days? I live in Holland, you must be living in yesterday ;)
- slaughterhause, on 10/12/2007, -26/+3
Sweet!! I look forward to seeing this IN JUST TWO DAYS WHEN LEOPARD IS RELEASED!!! :)

