[MacTUG] Sandboxing for Fame and Fortune
Marlon A. Griffith
m3griffi at engmail.uwaterloo.ca
Mon Jan 21 11:55:29 EST 2008
Saturday, January 05 2008 @ 10:17 pm CST
Contributed by: MacTroll
New to Leopard is the concept of MACs (Mandatory Access Controls),
yet another way of overloading the MAC acronym!
MACs, in a nutshell, give you finer-grained control over what a
process can and can't do than ordinary user/group/other permissions
alone can provide. The rules are enforced by the kernel and bind the
process regardless of which user it runs as, which makes for an
incredibly powerful way of protecting against all kinds of unknown
nefarious creatures that may be looking to own your system.
Read on for more about how this works....
The Problem
Grandma logs into her shiny new iMac and launches Safari. When
launched, Safari operates with all the rights and privileges that
Grandma's user account has. If a nasty hole were found in Safari and
Grandma's web session were compromised, the attacker would not be able
to make changes to the System folder, but everything in Grandma's home
directory, including her e-mail and other personal information, would
be fair game for the owned Safari.
Doh!
What if we were able to limit Safari, even though it is running with
the effective permissions of Grandma's account, to only the specific
things it needs during normal operation? Maybe just allow Safari to
read or write a select few places on the disk: its own cache and
preferences file, and perhaps the Downloads folder. This would greatly
mitigate the damage an attacker could do, and keep the family secret
recipe for oatmeal chocolate chip cookies, stored in Grandma's
Documents folder, safe for another generation.
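Here is what that "only its cache, prefs and Downloads" idea looks like
as an actual Leopard sandbox profile for sandbox-exec(1). This is an
added example, not from the afp548 article and not a profile Apple
ships: the home directory path, the bundle identifier used for the
cache and preferences file names, and the exact set of allow rules are
assumptions, and the profile language is Apple-private and has changed
between releases, so treat it as a starting point to iterate on rather
than a finished profile.

```scheme
;; safari.sb -- illustrative Seatbelt profile for the Grandma/Safari scenario.
;; Added example; paths and rule set are assumptions, not Apple's profile.
(version 1)

;; Default-deny: any operation not explicitly allowed below fails with EPERM.
(deny default)

;; Log each denied operation to the system log so the profile can be refined.
(debug deny)

;; Read-only access to the OS and to the application bundle itself.
(allow file-read*
    (subpath "/System")
    (subpath "/usr/lib")
    (subpath "/usr/share")
    (subpath "/Library/Frameworks")
    (subpath "/Library/Fonts")
    (subpath "/Applications/Safari.app")
    (literal "/dev/null")
    (literal "/dev/random")
    (literal "/dev/urandom")
    (literal "/private/etc/hosts")
    (literal "/private/etc/resolv.conf"))

;; Safari's own state: cache, preferences and Downloads are writable.
;; Nothing else under /Users/grandma (Documents, Mail, ...) is reachable,
;; so a compromised Safari cannot read the cookie recipe.
;; /Users/grandma is a placeholder for the account being protected.
(allow file-read* file-write*
    (subpath "/Users/grandma/Library/Caches/com.apple.Safari")
    (literal "/Users/grandma/Library/Preferences/com.apple.Safari.plist")
    (subpath "/Users/grandma/Downloads"))

;; Scratch space; many frameworks expect to write here.
(allow file-read* file-write*
    (subpath "/private/tmp")
    (subpath "/private/var/tmp"))

;; A browser still needs to talk to the network and run as a process.
(allow network-outbound)
(allow process-fork)
(allow process-exec)
(allow signal (target self))
(allow sysctl-read)

;; A GUI application also needs the window server, fonts, pasteboard, etc.
;; via Mach lookups. Leaving this unfiltered is the first thing to tighten
;; once the (debug deny) log shows which global names are actually used.
(allow mach-lookup)
(allow ipc-posix-shm)
```

To run the app under the profile: `sandbox-exec -f safari.sb
/Applications/Safari.app/Contents/MacOS/Safari`. A quick way to confirm
the policy is doing what the article describes, before trusting it with
a whole browser, is to wrap a small command instead: `sandbox-exec -f
safari.sb cat /Users/grandma/Documents/recipe.txt` should fail with
"Operation not permitted" and log a deny line in /var/log/system.log,
while the same command against a file in Downloads succeeds. Expect a
profile this tight to break real Safari features at first; the deny log
is how you discover each missing rule, and each one you add should be a
specific path or Mach service rather than a wildcard, otherwise the
sandbox quietly drifts back toward "everything Grandma can do".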
http://www.afp548.com/article.php?story=20080105221725638