[MacTUG] Sandboxing for Fame and Fortune

Marlon A. Griffith m3griffi at engmail.uwaterloo.ca
Mon Jan 21 11:55:29 EST 2008


Saturday, January 05 2008 @ 10:17 pm CST
Contributed by: MacTroll

New to Leopard is the concept of MACs (Mandatory Access Controls), 
yet another way of overloading the MAC acronym!

MACs in a nutshell give you finer-grained control over what a process 
can or can't do than you could ever get through basic file permissions 
alone. This gives you an incredibly powerful method of protecting 
against all kinds of unknown nefarious creatures that may be looking 
to own your system.

Read on for more about how this works....


The Problem

Grandma logs into her shiny new iMac and launches Safari. Once 
launched, Safari operates with all the rights and privileges that 
Grandma's user account has. If a nasty hole were found in Safari and 
Grandma's web session were compromised, the attacker would not be able 
to make changes to the System folder, but everything in Grandma's home 
directory, including her e-mail and other personal information, would 
be fair game for the owned Safari.

Doh!

What if we were able to limit Safari, even though it was running with 
the effective permissions of Grandma's account, to only be able to do 
the specific things that it needs during normal operations?  Maybe 
just allow Safari to read or write to a select few places on the 
disk. Perhaps just to its own cache and preferences file and perhaps 
the downloads folder. This would greatly mitigate the damage that an 
attacker could do and still keep the family secret recipe for oatmeal 
chocolate chip cookies, stored in Grandma's Documents folder, safe 
for another generation.
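What that restriction looks like as a Leopard sandbox profile, added here as an illustration rather than taken from the article: every path not listed is refused, and each refusal is logged so you can see what an attacker (or a legitimate Safari) tried to touch. It assumes the dialect used by sandbox-exec(1) and the profiles in /usr/share/sandbox on 10.5, the username "grandma" and the Safari paths are placeholders, and a real Safari would need more allowances (frameworks, Mach services) than this minimal sketch grants.

```scheme
;; Illustrative profile, not from the article; "grandma" and the Safari
;; paths are placeholders. Run with:
;;   sandbox-exec -f safari.sb /Applications/Safari.app/Contents/MacOS/Safari
(version 1)
(debug deny)          ; write every denied operation to system.log

(deny default)        ; anything not explicitly allowed below is refused

;; Minimal process and system access an application needs to start
(allow process*)
(allow sysctl-read)
(allow network-outbound)   ; talking to web servers is Safari's job

;; Read-only access to the OS and to Safari's own bundle
(allow file-read-data file-read-metadata
  (regex "^/System/"
         "^/usr/lib/"
         "^/usr/share/"
         "^/Library/Frameworks/"
         "^/Applications/Safari\\.app/"))

;; The only places inside the home directory Safari may write:
;; its cache, its preferences file and the Downloads folder
(allow file-write* file-read-data file-read-metadata
  (regex "^/Users/grandma/Library/Caches/com\\.apple\\.Safari/"
         "^/Users/grandma/Library/Preferences/com\\.apple\\.Safari\\.plist$"
         "^/Users/grandma/Downloads/"))

;; Documents, Mail and the rest of the home directory are never
;; mentioned, so (deny default) applies: the cookie recipe is safe.
```

With (debug deny) in place, an attempt to read anything under /Users/grandma/Documents shows up in system.log as a sandbox denial naming the process and the path, which doubles as a way to find the paths a legitimate application actually needs before tightening the profile further.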

http://www.afp548.com/article.php?story=20080105221725638