Apple’s Mac OS X 10.6 Snow Leopard security enhanced with 64-bit goodness
Friday, January 16, 2009 - 12:50 PM EST"In addition to expanded sandboxing, the move to 64-bit computing will provide a series of other benefits related to security. Apple's 64-bit binaries set all writable memory as non-executable by default, including thread stacks, the heap, and any other writable data segments," McLean reports.
"This is already present to an extent in today's Leopard Server, which runs some services, such as the Apache web server, as 64-bit processes," McLean reports. "Using the vmmap command reveals that no memory allocated by these 64-bit apps is both writable and executable. On 32-bit Intel systems, while no memory is marked as both writable and executable, the legacy x86 processor design does not enforce the permissions bits, but 64-bit CPUs do. This feature prevents exploits from injecting malicious executable code into memory and tricking the app to run it as it if were its own instructions."
"The move to 64-bits also greatly enhances the Address Space Layout Randomization (ASLR) techniques used to secure Leopard. Currently, 32-bit binaries are restricted to a relatively small 4GB allocation, making it easier to predict useful addresses for malicious code to target. Additionally, Leopard keeps dyld, Mac OS X's dynamic loader (responsible for loading all of the frameworks, dylibs, and bundles needed by a process) in the same known location, making it relatively trivial to bypass the existing ASLR," McLean reports. "With the much larger address space available to 64-bit binaries, Snow Leopard's ASLR will make it possible to hide the location of loaded code like a needle in a haystack, thwarting the efforts of malicious attackers to maintain predictable targets for controlling the code and data loaded into memory."
Full article here.
Send us links! Email: webmaster@macdailynews.com
Apple Store Advertisements
iPhone 3G S: From $199. Free shipping.
New 13-inch MacBook: From $999. Free shipping.
13-inch Macbook Pro: From $1199. Free shipping.
13-inch MacBook Air: From $1499. Free shipping.
15-inch Macbook Pro: From $1699. Free shipping.
17-inch MacBook Pro: From $2499. Free shipping.
New Mac mini: From $599. Free shipping.
New iMac 21.5-inch: From $1199. Free shipping.
New iMac 27-inch: From $1699. Free shipping.
Mac Pro: From $2499. Free shipping.
iPod touch: From $199. Free Shipping.
iPod nano: Now shoots video! From $149. Free shipping.
iPod shuffle: From $59. Free engraving. Free shipping.
Apple TV: From $229. Free shipping.
MacDailyNews on Twitter
MacDailyNews app for iPhone and iPod touch
Related articles:
Mac OS X 10.6 Snow Leopard: 64-bit right down to the kernel - October 28, 2008
Apple’s pure 64-bit Mac OS X Snow Leopard to offer significant performance gains - September 04, 2008
Unlike Microsoft’s Windows, Apple’s Mac OS X does 64-bit right - August 26, 2008
Apple does 64-bit right, Microsoft… not so much - August 03, 2007
Apple’s Mac OS X Leopard is 64-bit done right, unlike Microsoft’s Windows Vista kludge - August 14, 2006
Apple’s Mac OS X Tiger operating system is a true 64-bit environment - April 21, 2005
Apple Announces Mac OS X Server ‘Tiger’ to ship Friday, April 29 with 64-bit application support - April 12, 2005
Apple’s 64-bit iMac G5 much faster than 32-bit iMac G4 predecessor - September 06, 2004
Apple announces new Power Mac G5 line, every model features dual 64-bit processors up to 2.5GHz - June 09, 2004
First Windows 64-bit virus appears; Macintosh unaffected - May 27, 2004
PC Magazine: Mac OS X Panther plus 64-bit Power Mac G5 equals ‘combination even PC zealots can’t hel - January 23, 2004
New Power Mac G5 ships with 64-bit-optimized Mac OS X 10.2.7 - August 19, 2003
It’s official: Apple ships 64-bit Power Mac G5; over 100,000 ordered since June 23rd intro - August 18, 2003
64-bit Power Mac G5 the world’s fastest personal computer - July 17, 2003
Apple to go 64-bit with IBM PowerPC 970 - October 13, 2002
Apple Store Advertisements
iPhone 3G S: From $199. Free shipping.
New 13-inch MacBook: From $999. Free shipping.
13-inch Macbook Pro: From $1199. Free shipping.
13-inch MacBook Air: From $1499. Free shipping.
15-inch Macbook Pro: From $1699. Free shipping.
17-inch MacBook Pro: From $2499. Free shipping.
New Mac mini: From $599. Free shipping.
New iMac 21.5-inch: From $1199. Free shipping.
New iMac 27-inch: From $1699. Free shipping.
Mac Pro: From $2499. Free shipping.
iPod touch: From $199. Free Shipping.
iPod nano: Now shoots video! From $149. Free shipping.
iPod shuffle: From $59. Free engraving. Free shipping.
Apple TV: From $229. Free shipping.
MacDailyNews on Twitter
MacDailyNews app for iPhone and iPod touch
Related articles:
Mac OS X 10.6 Snow Leopard: 64-bit right down to the kernel - October 28, 2008
Apple’s pure 64-bit Mac OS X Snow Leopard to offer significant performance gains - September 04, 2008
Unlike Microsoft’s Windows, Apple’s Mac OS X does 64-bit right - August 26, 2008
Apple does 64-bit right, Microsoft… not so much - August 03, 2007
Apple’s Mac OS X Leopard is 64-bit done right, unlike Microsoft’s Windows Vista kludge - August 14, 2006
Apple’s Mac OS X Tiger operating system is a true 64-bit environment - April 21, 2005
Apple Announces Mac OS X Server ‘Tiger’ to ship Friday, April 29 with 64-bit application support - April 12, 2005
Apple’s 64-bit iMac G5 much faster than 32-bit iMac G4 predecessor - September 06, 2004
Apple announces new Power Mac G5 line, every model features dual 64-bit processors up to 2.5GHz - June 09, 2004
First Windows 64-bit virus appears; Macintosh unaffected - May 27, 2004
PC Magazine: Mac OS X Panther plus 64-bit Power Mac G5 equals ‘combination even PC zealots can’t hel - January 23, 2004
New Power Mac G5 ships with 64-bit-optimized Mac OS X 10.2.7 - August 19, 2003
It’s official: Apple ships 64-bit Power Mac G5; over 100,000 ordered since June 23rd intro - August 18, 2003
64-bit Power Mac G5 the world’s fastest personal computer - July 17, 2003
Apple to go 64-bit with IBM PowerPC 970 - October 13, 2002
= 
I feel safer already...