blog.cocoia.com — My two app-developing friends invited me to take a spin with Apple's most recent build of Leopard. I've checked out a few things that are interesting in the light of security, and I have found that Apple's doing a lot of drastic changes and work to ensure OS X stays secure.
Mar 25, 2007
slaughterhause Mar 25, 2007
Sweet!! I look forward to seeing this IN JUST TWO DAYS WHEN LEOPARD IS RELEASED!!! :)
kerplunk Mar 26, 2007
http://www.duggmirror.com
spacedcowboy Mar 26, 2007
Um, this looks very (*very* !!) similar to the existing Tiger "server" admin UI. It's actually a lot more flexible than it appears in the post - he's just looking at the 'all' settings there... I use this s/w pretty much every day (the network-bandwidth graphs are pretty as well as useful :-) It's not new. Simon
newbill123 Mar 26, 2007
@lieutenantmudd asked: "Were Input Managers that insecure? Giving up the bulk of OS 'enhancements' seems like a pretty big price to pay."
Skinning the interface on Windows went from being a harmless distraction to being insecure both technically and socially. Funky cursors and different colored buttons seem harmless, but it allows malware to be installed and will even encourage the end user to help that process along. "If you want the cute little Winnie The Pooh skin, you'll have to enter your password to install it." The problem isn't the input managers but the abuse of the way these things were implemented. Code Injection was a hack that was useful for debugging and for breaking some of the hard and fast communication barriers during code execution. It was always a security issue, but now that it's gone from being a quirky debugging method for programmers to being an end-user patching mechanism (with the popularity of haxies and so on), it was ripe for being subverted by malware authors.
Apple has seriously beefed up debugging in Leopard (with DTrace debugging and neato apps like Xray) so the loss of code injection for debugging isn't as big a deal. It means some workflow changes.
But for the end user, the loss of haxies and other things that relied on code injection will seem draconian. Apple isn't going out of its way to open up a new way to skin the user interface or any of the other surreptitious ways to hack an app with code it wasn't aware of when it was compiled. Perhaps VMware or Parallels will come out with a virtualized Tiger environment where users could still run old code (with all of its liabilities) under Leopard. I don't think Apple will be first on the block to undermine their own OS though.
cocoia Mar 26, 2007
Yeah Simon, as some people pointed out in the comments on the blog too, it's really, uh, an awkward choice for a screenshot.
ilgaz Mar 26, 2007
They will probably move to Kernel extensions, and these jealous developers who never coded anything which got downloaded more than 1000 times will whine about kernel extensions and say how evil they are and so on. It happens to every successful, popular software on any operating system. I remember Linux nerds were going nuts about Linuxconf since it dared to make system configuration easier and more user friendly.
nayr Mar 26, 2007
Input Managers, along with mach_star, allowed programs to 'inject' or 'patch' code in running applications. This is pretty much the definition of a security hole. I myself wrote a key logger, just to see if I could. You still can, but it's a lot harder, and requires root access (i.e. a keyboard driver, does this even exist? maybe a USB driver or something.) Also, if y'all are REALLY anxious to get this, you could always enable it with their own patched kernel!
ilgaz Mar 26, 2007
@nayr we are in 2007, nobody touches anything without installing a rootkit first. We are speaking about 100.000 machines which are commanded by layered master machines that are looking for exploitable "recruit" machines to do their job.
InputManagers making you nervous? Secure and lock them. You can even do it via Finder. The lack of Input Managers invites 3rd party Kernel Extensions, which can be a really serious issue.
About the admin access? Check the versiontracker top 100: who doesn't ask for the Admin password, and who thinks or reads the actual EULA while granting access? There are some entries there with EULAs where you agree to install third party toolbars to your browser before such functionality exists on Safari. (Hopefully will never exist)
Finder's schizoid state is still not resolved too. It still cares about extensions and resources at the same time. That is a deep down security problem. Trying to mimic Linux is not the solution. App signing, kernel extension signing, locking down signed stuff is the way to go. Removing a NeXT function is not.
ilgaz Mar 27, 2007
Input Managers are NOT removed, they are disabled by default and you can ENABLE them. The screenshot I found from a blog's comments: http://img227.imageshack.us/img227/7002/sssmr7.jpg ---> Not my screenshot, I never use the default OS X theme :) It is just like the startup items fix. OK, security wanting super cool nerds can enjoy their disabled input managers while we will enable them. Best of both worlds, issue solved.