Understanding Mac OS X Kernel

An anonymous reader writes "Kernelthread.com has published a flash presentation overview of the Mac OS X kernel. Its title is 'A Tour of the Mac OS X Kernel' and it also covers Tiger features. Maybe interesting to note is that the slides are from a talk given to the NSA. Well, there is a nice security architecture diagram towards the end of the presentation."

amazing!

A flash presentation that didn't turn my p4 into a 386!

Re:amazing!

What, did it turn it into a G5?

inside the kernel

Does it give away the kernel's secret recipe?

Eek, a presentation in flash!

There is no way to step back (at least I found none), to get an overview, to jump to a certain frame (like the mentioned security architecture diagram) - why do people make presentations in flash, instead of pdf or css (example [andybudd.com])?

Keynote

I'm willing to bet it's in Flash because he did the presentation in Keynote. While the SWF export in Keynote isn't great, at least it preserves transitions, fonts, and other formatting options and doesn't look like shit (like the HTML export of another presentation software).

Plus, it takes one step to export. I haven't seen anything that will do that with CSS.

Worthless filesystems.

So HFS+ can only support file sizes up to 8 exabytes. What a worthless filesystem.

Re:Worthless filesystems.

And here I was, hoping HFS+ would provide the means to fit all my pr0n on it.

Embedd C++

I find it interesting that parts of the Kernel were written in Embedded C++. I haven't had the opportunity to use this although I'd love too. Anyone have an experience with EC++ they'd like to share?

Re:Embedd C++

Embedded C++ is upwards compatible subset of ANSI Standard C++. So if you have written very simple C++, for example when coming from C and making your first C++ program, you probably "used" EC++. It is just C++ without namespaces, templates, exceptions, RTTI (Runtime Type Identification), STL (Standard Template Library), and some other stuff that might make executable noticeably bigger and cause unwanted memory consumption.

* Encrypted swap (optional, uses AES)

Wow.. So it looks like they finally fixed this security bug where the password could be discovered in the swap. Anyone know how to turn this feature on? (don't have Tiger yet & a quick Google search turns up nothing)

In the same vein, I recall OS X versions up to jaguar had weakly-hashed user passwords in a SAMBA directory somewhere. If I'm remembering correctly, can someone verify that this is no longer the case in Tiger?

W

Re:* Encrypted swap (optional, uses AES)

Wow.. So it looks like they finally fixed this security bug where the password could be discovered in the swap. Anyone know how to turn this feature on?

There's a "use secure virtual memory" checkbox in the security preference pane.

Flash under Windows

I take it nobody with a Windows box even tried to view the presentation. All of the space characters are rendered as "x20", which makes it a bit tough (nee impossible) to read.

Re:AES encryption under the hood?

Apparently not:
http://en.wikipedia.org/wiki/AES#Security [wikipedia.org]

Re:AES encryption under the hood?

You're wrong.

Maybe you're thinking of the old DES standard.

http://en.wikipedia.org/wiki/Data_Encryption_Stand ard [wikipedia.org]

Re:AES encryption under the hood?

FS and swap encryption is used to encrypt user's home directories. This is the "File Vault" functionality of OS X. Tiger adds the ability to optionally encrypt the users swap space also (only on file vaulted home folders) to secure the users memory space as well. A file vaulted home folder becomes a sparse disk image file (a disk image that can grow in size as it's written too) that uses the users account password to open. If the user losses their account password then the admin can use the master file vault (set separately) to restore the users home directory. That scenario only really applies for multi-user systems.

I am not sure what bit of AES is used though. I would guess 128 bit at least.

Re:So, HFS+ can be case-sensitive...

Like this: http://www.codepoetry.net/archives/2003/10/26/case sensitive_hfs_for_the_masses.php [codepoetry.net]

Re:So, HFS+ can be case-sensitive...

Just use diskutil on 10.3 or Disk Utility in the GUI on 10.4. Josh

Re:Bad SWF file?

I got that under firefox, it works fine in IE

Re:NSA deciding how to break into Mac computers?

Sorry to dint your tinfoil body suit, but the reason the NSA is interested in OS X is because they use OS X. I have a very interesting, very thorough PDF authored by the NSA (report #I331-009R-2004) on how to secure an OS X box, from install through end use. Very interesting, and I learned a bit.

Re:Bad SWF file?

Maybe you have Flashplayer 6 installed instead of Flashplayer 7?

Re:NSA deciding how to break into Mac computers?

The NSA is not allowed to break US laws. Of course, they spy on other countries, so they're probably allowed to break other countries' laws.

As for the other nasty stuff, it sounds an awful lot like your tinfoil hat is on too tight.

Also, if you want to hack a computer, you probably care more about the services running on it than the guts of the kernel, at least up to the point where you install a rootkit. They probably care more because they want to use MacOS X in a highly secure environment. SEDarwin anyone?

Shocking ignorance of U.S. government activities

It's shocking how ignorant people are of the activities of the U.S. government. Look at some of the other replies to the parent post.

Most openly managed organizations have great difficulty staying on track. Secret organizations develop bad habits very quickly. In secret organizations, cover-ups become habit. Even the cover-ups themselves can be kept secret from other people in the same organization.

Supposedly, U.S. spy agencies are not allowed to break U.S. laws. However, organizations that hire people to break the laws of other countries don't suddenly have moral control over the law-breakers when they return to the United States.