Snow Leopard Missed a Security Opportunity
CWmike writes "Apple missed a golden opportunity to lock down Snow Leopard when it again failed to implement fully a security technology that Microsoft perfected nearly three years ago in Windows Vista, noted Mac researcher Charlie Miller said today. Dubbed ASLR, for address space layout randomization, the technology randomly assigns data to memory to make it tougher for attackers to determine the location of critical operating system functions, and thus makes it harder for them to craft reliable exploits. 'Apple didn't change anything,' said Miller, of Independent Security Evaluators, the co-author of The Mac Hacker's Handbook, and winner of two consecutive 'Pwn2own' hacker contests. 'It's the exact same ASLR as in Leopard, which means it's not very good.'"
It doesn't matter... (Score:4, Funny)
Re: (Score:2)
They're just as immune as Linux is.
Re:It doesn't matter... (Score:5, Interesting)
Let's assume the Mac share is around the same as Linux, both close to 10%, which I think ain't too far off. An attacker can plan an attack on something they're guaranteed exists because it comes out of the factory that way on every model, identical, with a slow-acting vendor so the window stays open for a while... or they can plan an attack on a fast-moving target that may only affect 30% of machines, where the window of opportunity will be gone within a day of it being noticed.
Both Mac and Linux users tend not to run any protection software like Windows users NEED just to have their system stay alive till lunchtime, so any infection if successful will likely go unnoticed. Both Mac and Linux users often feel their systems are immune. In the case of Mac users, the people who can afford Macs have money (or at least HAD money before they bought their Mac) so combined with a blind spot for self protection they should be a ripe juicy target. Yet, apart from the odd story like this one which is self inflicted by Apple, it's still rare.
OSX is UNIX, which is a HUGE advantage over Windows, but the closed Apple monoculture prevents it from being used to its fullest.
Re: (Score:2, Insightful)
Most Linux distributions seem to run a good set of Core Applications that are relatively common across the distributions, and many ways a lot of tiny security holes that are not always designed for full security and expecting the security to happen the next level up but they don't necessarily know who that is and what exactly it does as in theory it could be different. So when there is a glitch there is a bunch of finger pointing as there is no mono-culture who is interested in making the overall product b
Re: (Score:2)
I blame the admins there. If they aren't paying attention to vulnerabilities in their server packages, they're shitty admins. Windows servers are the same way. No admin worth the title runs AU on a production server, and they take just as long to patch their servers.
Not an OS problem, but a shitty admin problem.
Re: (Score:3, Informative)
Yup, when it comes to servers, the admin is more important than the OS. If the admin knows what he's working with, he can keep even the worst OS more or less secure.
We had a similar issue at work. Our servers were all working off a group policy that allowed AU. It was set up that way long before I started there. Sure enough, AU took down the mail server one day while forcing a reboot after a patch. Lesson learned.
The biggest threat to security is an admin who isn't intimately familiar with their systems. We
Re:It doesn't matter... (Score:5, Insightful)
A big post full of ifs and coulds. But I guess because of the size, it's modded up.
So when there is a glitch there is a bunch of finger pointing as there is no mono-culture who is interested in making the overall product better but just one piece of it.
RedHat, Canonical, SuSE, Debian, et cetera have not written all the software that makes up their distribution; however, their core reason for existing is that they take responsibility for the overall picture.
So often the security fix doesn't fix the core issue just a stop gap somewhere in the line.
Care to give examples?
And if that module was replaced with another then it could happen all over again.
Just like other platforms.
You'll have to do a lot better than that.
Re: (Score:3, Informative)
Re: (Score:2, Insightful)
Carter wasn't the most ineffective president ever. That title probably goes to Wilson, Hoover, or Coolidge. Carter's only superlative feat was to be the most unremarkable president ever. History will remember him for being so forgettable. Oh, and the nuke ban. Double folly from someone claiming to have actually been a nuclear engineer.
Re: (Score:2, Insightful)
Are you kidding! In my mind Carter is the most remarkable & memorable president ever. Not only did he see a UFO, but he was attacked by a vicious rabbit that swam out to attack him while he was fishing.
As a president though you are right, Jimmy Carter is the meh of presidents.
Re: (Score:2, Insightful)
Re:It doesn't matter... (Score:4, Informative)
Should Apple implement it? If they want to be secure, then yes.
Quite frankly, Macs are more secure against certain classes of attacks. Making a global statement about them being more secure is wrong, though. Macs enjoy being less of a target since there are a small number of them out there. To think they are safe is pretty naive. The guy has proved multiple times he can hack them without much trouble.
Re:It doesn't matter... (Score:4, Insightful)
This is still a myth: why waste effort on a system that is inherently harder to crack when low-hanging MS fruit is still available? Even when Macs make up more of the market it will still not be that big or easy a target. Popularity has very little to do with why a system gets viruses, or there would not have been as many viruses for the old Mac systems, and there were a shitload of them for OS 7, 8 and 9.
Re: (Score:3, Informative)
You have to remember that the old OS7, 8 and 9 systems WEREN'T connected to the internet. Also, virus writers in the 1990s were writing their virii in x86 ASM code. The Macintosh computers were running Motorola processors. In this day and age, the people writing serious security exploits are criminals and governments. Th
Re:It doesn't matter... (Score:4, Insightful)
No it isn't. Malware is big business now and you don't make money by targeting niche markets.
And this is why OS X was the first target to go down at the last two Pwn2Own competitions? Safari too at the last P2O. But as I said, malware and hacking is all about money these days and this is pretty much the only thing keeping Apple safe. Apple commits the same security sins as Microsoft (security through obscurity, encouraging bad user behaviour such as no passwords) and goes a bit further by denying current vulnerabilities and bugs (MS do issue warnings about known vulnerabilities), then attempts to silence those who speak out.
The fact that all Mac machines are practically identical means that if an Apple virus is ever released into the wild it will be much easier to infect more machines; it also means that malware authors can target drivers, as all Mac hardware will be using similar drivers. The only reason this hasn't been done yet is that no one will make any money by targeting 3% of the world's computers. Linux is a bigger target because Linux can be found on many more servers, which make for better spam/botnet hosts. In the world of botnets for hire, popularity has everything to do with it, as the size of a botnet directly relates to the size of the paycheck.
Surely this is only of any use to a hacker if ... (Score:5, Insightful)
Re:Surely this is only of any use to a hacker if . (Score:5, Informative)
ASLR makes executing code on the stack quite a bit more difficult, regardless of what privileges the program being exploited may have. It also makes calling library functions and pretty much anything in RAM far more difficult for a hacker. Page protection doesn't protect against these attacks per se.
Re: (Score:3, Informative)
In order to "look in the same place", you need to have code that does the looking. The NX bit will prevent arbitrary code from executing on the stack. One way to get around NX is to overrun a buffer and replace the return address of the stack frame with a known function address that does what you want. In order for this to work, you need to know the address in advance of the attack. ASLR makes it difficult to predict this address.
Re: (Score:2, Interesting)
Re:Here they come... (Score:5, Funny)
Then how does your network card work?
Re: (Score:3, Funny)
He's obviously still on dial-up.
Re:Here they come... (Score:5, Informative)
1. You identify a system API that has a local escalation vulnerability. These aren't that uncommon and because they cannot be directly exploited remotely they're not generally as high of a priority.
2. You identify a vulnerability in a service or other application that permits execution of arbitrary code remotely.
3. You exploit the remotely exploitable vulnerability with a payload that calls into the known mapped address of the system API with a second payload in order to escalate to root and then execute a third payload with those increased privileges to outright p0wn the machine.
Re:Here they come... (Score:4, Funny)
Re: (Score:2, Funny)
He didn't even spell pwn right. What is the world coming to when people can't even write in l33tsp34k properly?
Re: (Score:3, Funny)
Re:Surely this is only of any use to a hacker if . (Score:5, Insightful)
It does not make it obscure, it makes it unpredictable.
You may figure out the location of something once, but it will be somewhere else on a different computer, or even on the same computer after a reboot.
Re: (Score:2, Redundant)
If you can run code that you did not load then your system is broken, if it is at a random location then you should not have access to it, at all, ever
ASLR is all very well, but if it ever succeeds in stopping something it just proves the rest of your security is not working... and most exploits *still* just ask a user to run a program, at which point all this is moot...
Re:Surely this is only of any use to a hacker if . (Score:4, Insightful)
Once someone writes an entire fully-functional OS with absolutely no security vulnerabilities (take your stab at it and tell me how that turns out for you), the need for ASLR will vanish... oh wait, no it won't because there'll still be other applications, drivers, etc. from third parties which will be insecure.
*sigh*
Re: (Score:3, Insightful)
If all else fails, yeah, you should have done it better, but why should the user suffer for it? Wouldn't you (and him) wish there was one more obstacle that might just trip the hacker? Anything? ASLR is something.
Computer security (good security) goes for redundancy. You add as much protection as makes sense. You never say 'that layer is perfect, there's no need for another layer' (there's no such thing as perfect). You don't say 'we're not a target' (everybody is, since attacks have been automated). You do
Re: (Score:2, Insightful)
Re: (Score:2)
This is the sort of posting that makes me think Slashdot should rename the "Anonymous Coward" account to "Anonymous Idiot."
So says someone posting as Anonymous Coward.
Re: (Score:3, Insightful)
Slashdot loves to underestimate "security by obscurity". However, it is usually the first line of defense, and it works quite often. It is like locking your door without a deadbolt: it keeps the honest, honest. If it is hard to know how to get in, then most "hackers" will not be able to get in, until some real hackers actually take their time un-obscuring and getting familiar with the system, and then write an easy script for the script kiddies to take advantage of. However having it obscure could put ye
Re: (Score:3, Informative)
Most Slashdotters don't understand what security is. Security and safety are not synonymous. Obscurity may make you safer, but it does not make you more secure.
Re: (Score:2)
True, however most "security" fixes are safety fixes. Security is a 100% guarantee; safety is better than nothing.
Re:Surely this is only of any use to a hacker if . (Score:4, Informative)
Tagging doesn't work for me anymore, so I picked the post with the most use of the word 'obscurity'.
This is not security through obscurity (STO). STO can always be exploited when you know how the algorithm works. Address space randomization cannot be exploited (immediately). You still have to start the executable maybe hundreds of times before the exploit works. This is easy if it's some short piece of code you've crafted yourself, but with real applications, it's not so simple.
Imagine a hack where you send some exploit to somebody over IM. If it doesn't work, the IM client *will* crash as it tried to execute some random portion of memory. How are you going to try your exploit at a different address now?
Re: (Score:2)
Um evil genius. You need a five year old on your board of advisors.
If you put the building full of gold nowhere and tell no one, you create a security vulnerability when you tell the guards and the contractors who install the rest of the security. Once you tell anyone, you already start putting holes in your security.
This article sucks (Score:2, Interesting)
Even so, Miller said, Apple made several moves that did improve Mac OS X 10.6's security. Two that stand out, he said, were its revamp of QuickTime and additions to DEP (data execution prevention), another security feature used in Windows Vista.
DEP has been around for a long time and has been in XP since at least SP2.
"[the quicktime rewrite] was really smart, since it's been the source of lots of bugs in the past."
bugs != security failure (although they can cause one... the bad math issues in excel 2007 aren't particularly exploitable, just annoying)
Re:This article sucks (Score:4, Insightful)
Re: (Score:2)
DEP has been around for a long time and has been in XP since at least SP2.
DEP was recently improved, which is shown by the text you C&P. Fail.
It is a simple fact that Vista/Windows 7 has the best implementation of ASLR in the desktop market today. Linux's is not as good, and OSX's isn't even close. The other lesson you can take away from this is that OSX really does get attacked less than Windows due to market share, because OSX is easy to own! Oh wait, there's one more: Apple either doesn't think it is a problem, or requires more than two years to address an important securi
Re: (Score:2)
It is a simple fact that Vista/Windows 7 has the best implementation of ASLR in the desktop market today. Linux's is not as good
The default ASLR is not as good, but with the Linux kernel you can add PaX or Exec Shield. Windows and OSX don't have such expandability.
http://en.wikipedia.org/wiki/Address_space_layout_randomization#History
Re: (Score:2)
Vista has already been hacked! Hacked quite quickly. So much for ASLR and DEP.
Nothing I said, and nothing in the article itself, contradicts this. The statement was that OSX's implementation of ASLR is useless, and this has previously been shown to be true. It suggests that Windows really IS attacked more because there's more point to it, because it has repeatedly been shown that buffer overflows are at least as easy on the Mac as they are on other platforms, and in fact substantially easier.
Simple facts: market share does not increase the security exploits of an OS. You either have a 1,001 exploits or you don't.
This is obviously false, and stupid to boot. Market share does not increase the attack surface
Re: (Score:3, Interesting)
If you are trying to get as much money as possible which would you do:
A) Write a program to get control of 90%+ of the computers in the world
B) Write a program to get control of 3-5% of the computers in the world
Why would people trying to make money even go after the smaller number of computers? Plus a lot of people hate Microsoft. Any company that is against Microsoft they will leave alone.
By the way, if OSX is so secure why am I rebuilding OSX machines at work since those machines are actively attacking other ma
Two week old "news" (Score:5, Informative)
The summary alleges Miller said it "today". Except he didn't.
The article linked to is dated September 14, which means he allegedly said it 2 days ago. Except he didn't.
He actually said it *two weeks ago* on August 29th. [theregister.co.uk]
Wake up, editors!
Re: (Score:2)
This is /.
They're only "editors" if you put it in quotes
He'll stop complaining when... (Score:5, Insightful)
Call me a cynic, but I somehow think he, and everyone else that looks at OS security, will still find things to complain about. The tech blog and journalism industry depends on it!
Re:He'll stop complaining when... (Score:4, Insightful)
Isn't that human nature? Well, some humans' nature, anyway?
Such as...
>> Gates foundation to donate $2.5B to cancer research
> BOO! HISS! HE'S JUST USING IT AS A TAX WRITE-OFF AND AS INDIRECT GOOD-WILL FORMING PR FOR M$!!!!!
*shrug*
If, in the end, it makes OS X an even better operating system, then I say to the tech blog and journalism industry: complain on.
Re: (Score:2, Interesting)
Re:It will cost them at some point (Score:4, Insightful)
As a long time Mac user, I completely agree with you. I have long thought Apple did not take security seriously or at least did not devote the resources they should on security matters. Worse, I absolutely do not want to go through a decade of painful and annoying security problems (like the windows users went through) before Apple begins to put real effort into security.
On Snow Leopard, I've told everyone in my family to ignore Snow Leopard until some convenient time after Christmas or so. There's not much in it for regular users and I am not aware of a single application that really leverages the new technology found in Snow Leopard... so there's no rush upgrading.
Oh... one last thing: Wasn't OpenBSD doing this long before windows?
Re:It will cost them at some point (Score:5, Interesting)
As a long time Mac user, I completely agree with you. I have long thought Apple did not take security seriously or at least did not devote the resources they should on security matters. Worse, I absolutely do not want to go through a decade of painful and annoying security problems (like the windows users went through) before Apple begins to put real effort into security.
To be fair, Apple have focused much more on the user-facing side of the security problem. There's just much less likelihood of a user installing something bad by accident. Deliberate badness is a problem (always) but by reducing the problem with accidents, real on-the-ground disasters are lessened. (It helps that Mac applications are really directories, and so aren't quite as simple to start from some website by accident, and their filesystem-level metadata that marks downloaded things with where they came from also makes a difference.) Which isn't to say that the other techniques are a bad idea; defense-in-depth is the watchword. But true high-quality security solutions need to address many levels of problems, including both system-level ones and user-facing ones.
Oh... one last thing: Wasn't OpenBSD doing this long before windows?
I believe so. It sounds like the sort of thing they'd do...
Re: (Score:3, Insightful)
I have long thought Apple did not take security seriously or at least did not devote the resources they should on security matters.
There are several parts to this that are interesting. Is Apple slacking off on implementing new security, or are users like you just not learning about the security improvements Apple has made? Do you remember hearing about when Apple's sandboxing made them just about the only vendor to not be vulnerable to a local service exploit a few years back? Have you ever seen a mainstream article mentioning Apple uses sandboxing?
That said, at least some of Apple obviously pays no attention to security, but that's no
Re: (Score:3, Insightful)
Security researchers and various crackers have been saying for a few years now that OS X hasn't implemented a lot of security features that even Windows has.
I largely tend to think of it as "security buzzwords that even Windows has".
There's a lot of them in the newer releases. But the overall questions we have to ask is whether or not it makes the system more secure. When your machine gets owned, you couldn't care less for the checklist of buzzwordy "security" features that just got bypassed. Your security was compromised, end of story.
OS X has less of them. Check.
OS X also doesn't have many of what I'd call necessary things (MAC, RBAC to name just a few. MLS if
Re: (Score:2)
Well that depends on whether the average mac user is richer and buying a proportionally more expensive machine, or starts out the same as your average PC user and just ends up poorer after the transaction...
Strange... (Score:2)
The article asks why they didn't do ASLR, especially since snow leopard is touted as a "performance and reliability" update...
Since when does ASLR improve performance or reliability? If anything, it would decrease performance and could cause compatibility issues with some badly written code (and exploits) and thus decrease reliability too...
Also, the article talks about windows but doesn't mention that linux had dep and aslr long before windows did, and still has a far more complete implementation.
Re:Strange... (Score:4, Insightful)
Since when does ASLR improve performance or reliability?
To quote TFA: "If someone else is running your machine, it's more unreliable than if you're running it,"
Re: (Score:3, Funny)
Not at All "Perfected" (Score:5, Informative)
If there's a phrase that should trigger skepticism, that's it. ASLR isn't "perfect", and has been reported (and confirmed) exploited [dslreports.com] as recently as 7 months ago:
Re:Not at All "Perfected" (Score:4, Interesting)
opted out non ASLR code .. :o (Score:3, Interesting)
An interesting hypothesis. Why would they put opted-out non-DEP and non-ASLR code in IE8? And do you have any verifiable third-party citations for the above? Wouldn't a more likely explanation be that MS fixed the vulnerability after the fact?
ActiveX intranet sites (Score:2)
Why would they put opted-out non-DEP and non-ASLR code in IE8.
If the "Internet" zone uses DEP and ASLR but the "Local intranet" zone opts out, that's probably designed to keep ActiveX-based intranet sites working.
Am I missing something? (Score:3, Insightful)
address space layout randomization
I thought this was a feature in OS X 10.5? Was it not implemented, or just not implemented as well as other OSes'?
I remember hearing about it as a feature for 10.5.
Re: (Score:2, Informative)
address space layout randomization I thought this was a feature in OS X 10.5? Was it not implemented, or just not implemented as well as other OSes'? I remember hearing about it as a feature for 10.5.
From TFA:
Two years ago, Miller and other researchers criticized Apple for releasing Mac OS X 10.5, aka Leopard, with half-baked ASLR that failed to randomize important components of the OS, including the heap, the stack and the dynamic linker, the part of Leopard that links multiple shared libraries for an executable.
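As an added check, not code from the thread or from Apple, here is a small C program that re-executes itself several times and reports which of the regions the posts above name (code, stack, heap, libc) actually change base address between runs; a region reported as FIXED is one that ASLR is not covering. The `ASLR_PROBE_CHILD` marker and the choice of one representative address per region are this example's own assumptions.

```c
/* aslr_probe.c: re-exec this binary and report which regions move between runs.
 * Build as PIE so the code segment can move too:
 *   cc -O0 -fPIE -pie aslr_probe.c -o aslr_probe && ./aslr_probe */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum { REG_CODE, REG_STACK, REG_HEAP, REG_LIBC, REG_COUNT };
static const char *const region_names[REG_COUNT] = { "code", "stack", "heap", "libc" };

#define RUNS 8
#define CHILD_ENV "ASLR_PROBE_CHILD"   /* hypothetical marker set by the parent */

/* Sample one representative address per region in the calling process. */
void sample_regions(uintptr_t out[REG_COUNT])
{
    int on_stack = 0;
    void *on_heap = malloc(64);
    out[REG_CODE]  = (uintptr_t)&sample_regions; /* this binary's text segment */
    out[REG_STACK] = (uintptr_t)&on_stack;       /* main thread stack */
    out[REG_HEAP]  = (uintptr_t)on_heap;         /* malloc arena */
    out[REG_LIBC]  = (uintptr_t)&strlen;         /* shared libc mapping */
    free(on_heap);
}

/* Number of distinct values `region` took across `runs` samples.
 * 1 means the region never moved, i.e. it is not randomised at all. */
int distinct_values(uintptr_t (*samples)[REG_COUNT], int runs, int region)
{
    int n = 0;
    for (int i = 0; i < runs; i++) {
        int seen = 0;
        for (int j = 0; j < i && !seen; j++)
            seen = (samples[j][region] == samples[i][region]);
        if (!seen)
            n++;
    }
    return n;
}

/* Parse a child's report line of four hex addresses. Returns 0 on success. */
int parse_sample(const char *line, uintptr_t out[REG_COUNT])
{
    unsigned long long v[REG_COUNT];
    if (sscanf(line, "%llx %llx %llx %llx", &v[0], &v[1], &v[2], &v[3]) != REG_COUNT)
        return -1;
    for (int r = 0; r < REG_COUNT; r++)
        out[r] = (uintptr_t)v[r];
    return 0;
}

/* Re-exec `self` `runs` times in child mode, collecting one sample per run.
 * Each exec gets a fresh address space, which is what ASLR randomises;
 * a plain fork() would inherit the parent's layout and show nothing. */
int collect_samples(const char *self, uintptr_t (*samples)[REG_COUNT], int runs)
{
    int got = 0;
    for (int i = 0; i < runs; i++) {
        int fd[2];
        if (pipe(fd) != 0)
            break;
        pid_t pid = fork();
        if (pid < 0) { close(fd[0]); close(fd[1]); break; }
        if (pid == 0) {                        /* child: report on stdout and exit */
            close(fd[0]);
            dup2(fd[1], STDOUT_FILENO);
            setenv(CHILD_ENV, "1", 1);
            execl(self, self, (char *)NULL);
            _exit(127);
        }
        close(fd[1]);
        char line[128] = { 0 };
        ssize_t n = read(fd[0], line, sizeof line - 1);
        close(fd[0]);
        waitpid(pid, NULL, 0);
        if (n > 0 && parse_sample(line, samples[got]) == 0)
            got++;
    }
    return got;
}

int main(int argc, char **argv)
{
    uintptr_t s[REG_COUNT];
    (void)argc;
    if (getenv(CHILD_ENV)) {                   /* child mode: print one line, exit */
        sample_regions(s);
        printf("%llx %llx %llx %llx\n", (unsigned long long)s[0], (unsigned long long)s[1],
               (unsigned long long)s[2], (unsigned long long)s[3]);
        return 0;
    }
    uintptr_t samples[RUNS][REG_COUNT];
    int got = collect_samples(argv[0], samples, RUNS);
    if (got < 2) {
        fprintf(stderr, "could not re-exec %s\n", argv[0]);
        return 1;
    }
    for (int r = 0; r < REG_COUNT; r++) {     /* FIXED = not covered by ASLR */
        int d = distinct_values(samples, got, r);
        printf("%-6s %-10s (%d distinct bases in %d runs)\n",
               region_names[r], d == 1 ? "FIXED" : "randomised", d, got);
    }
    return 0;
}
```

Run it on the system under test; eight runs is enough to spot a region that never moves, though a region that moves only by a few bits will still show as randomised and needs a larger sample to judge its entropy.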
already there, and easily patchable (Score:2, Insightful)
So they're at least using some ASLR, which they can patch for later, and they got Snow Leopard out the door earlier rather than later.
If you're running your business on OSX Server, you didn't immediately go upgrade anyways, so where's the harm, other than early adopters claiming their ASLR isn't as cool as it could be?
More sandboxd ! (Score:2)
Snow Leopard does actually improve on Leopard's security. I can't even get processes that run as admin to save files to world-writeable locations anymore.
Sandboxd reports a "deny file-write*".
Fecked if I can get it to work.
Silly ASLR (Score:3, Informative)
ASLR is sorta like moving the location of the barn door, while keeping it wide open.
Hint: The cows can still get out.
Perhaps the guys at Apple realize this and give ASLR a low priority for implementation.
Even so, adding ASLR to the Apple OS is something they could do with relative ease: change the kernel and user-space malloc()s to be less predictable, munge the call stacks to be less predictable, etc.; mostly stuff that can be done with 50 lines of code here and there and not too many other places.
But again, it would be much more efficient to put that effort into closing any open barn doors, rather than painting the open gateways in random colors. Every five seconds.
Re: (Score:2)
Even so, adding ASLR to the Apple OS is something they could do with relative ease...
...And is something they did years ago. The issue being discussed here is Apple did not use ASLR to randomize the dynamic loader, which is a significant and juicy target. Applying it to the dynamic loader, however, is a nontrivial task.
Re: (Score:3, Informative)
ASLR is sorta like moving the location of the barn door, while keeping it wide open.
Yes, which is why you keep the door closed. The point of ASLR is to provide some extra degree of protection in case someone accidentally forgets to close the door. Since it happens every now and then anyway (and, yes, in OS X too), it makes sense to have some additional protection.
Also, you rather underestimate the effect of ASLR. It makes reusable fire-and-forget exploits of buffer overruns (which are the single most common source of security issues) extremely difficult to write.
Re: (Score:3, Insightful)
And another thing. To my understanding, one purpose of ASLR is that when there's an exploitable buffer overrun and it is exploited to call some system function, the process goes KAB0000M! Now if you have a couple of hundred of these kabooms in your log files you probably start to suspect that something fishy is going on.
Without ASLR your box gets exploited and you get nothing in the log file.
Microsoft perfected ASLR ? (Score:5, Informative)
Address space layout randomization is a technique to randomize memory addresses of the base of the code, stack, heap, and libraries. First used by PaX and OpenBSD [laconicsecurity.com]
Good article on Snow Leopard improvements (Score:2)
Parent's reference is better than the orginal... (Score:2)
OS X Security Reporting (Score:5, Insightful)
I always find articles about OS X security, especially in discussion, painful. First you either have a security expert writing and being translated by a fairly clueless reporter, or you have a clueless reporter writing. In the former case what makes a good article and gets press is usually a security person pointing out weaknesses or flaws in OS X. After all, saying OS X still doesn't have much risk of malware for the average user is like reporting that most GM cars still use gas. It's old info and not news. The other type of article that gets picked up is soft articles about how cool OS X is and how it can't get malware, written for the 90% of the populace that has never used it, but from an uninformed perspective.
Inevitably when either kind of story goes up on Slashdot we see tons of people who know little or nothing about what security is actually implemented in OS X, spouting off one way or the other, usually emotionally defending their favorite OS.
So in this case we have a fairly knowledgeable security expert talking about security in OS X. His sentence about ASLR begins, "One major disappointment in the midst of all these security enhancements..." Based upon what reporters have made of his paper, do any of you know what those security enhancements are? Contrast the expert's conclusion:
While the only true test of security is how effective it is in the real world, on paper it looks like life is now at least a little harder for any potential Mac attackers.
With the title of article linked to:
Apple missed security boat with Snow Leopard, says researcher
That's not to say the article is a filthy lie. It is completely true. Apple did miss the opportunity to improve ASLR for the heap. That's very true and important and disappointing. It's also the only OS X security news most people will hear, and that is misleading. It's not the writer's fault either; they're just writing what's interesting and "news". Writing an article on how Apple's security got moderately better in a number of ways and Macs are still unlikely to have many serious or widespread malware problems going forward for a few years is not news.
And Apple is not blameless about what press reaches the public either. Apple is pretty quiet about security features in OS X because they don't like to bring up the topic for the general public, except in very generic ways. Their plan seems to be "tell users the security is cool and good and make sure they know they're unlikely to get viruses, but don't confuse them with details. Experts can read the whitepapers." This leaves out the whole middle portion of the spectrum, not security experts but not completely clueless either.
It would be nice to have meaningful discussion on some of the OS X security features, but that might be too much to hope for. What do people think about the sandboxing approach, and has anyone noticed any particularly surprising sandboxed services in Leopard? The mixed 32/64-bit thing seems like an interesting choice, with 64-bit application development now motivated by artificially restricting access to some new APIs. Since a lot of the security improvements are tied to 64-bit applications and/or 64-bit processors, do people feel this was an attempt to direct developers for security reasons or just to speed the transition for other reasons? What do people think of the other heap protection checksums and protections for 64-bit kernels? Will we transition to 64-bit fast enough so that they will be useful? How about the application signing being tied to the application-level firewall? It seems like Apple could have made that a default and really motivated developers to use it, but decided to go in baby steps instead. And why in the world has Apple not created a proper application and update manager that extends to third parties? That seems like a no-brainer from a security and usability perspective.
Re: (Score:3, Interesting)
There's a few significant differences in the "modern" runtime library introduced with Mac OS X 10.5. I believe they've put some effort into making applications running against the modern runtime more resistant to runtime changes.
But there's a catch: The modern runtime is not binary compatible with applications built to the old runtime. That's no problem for 64-bit apps, where there was nothing compiled against the classic runtime. (10.4 didn't support any 64-bit processes at all, and even the limited hybrid
ASLR on PowerPC? (Score:2)
I read somewhere that OSX had ASLR, but only for the PowerPC, not for x86. I can't remember if it was part of the PPC architecture or Apple just being lazy in porting ASLR. Can somebody point me to an article with more about this (or explain more about what is so special about PPC)?
Re: (Score:2)
I read somewhere that the OSX had ASLR, but only for the PowerPC
This is incorrect. OS X uses ASLR on all chips. Some other security features dealing with memory only work using a 64 bit processor, kernel, or application or combination thereof.
Justified praise (Score:5, Informative)
Microsoft's Windows Vista and Windows Server 2008 have ASLR enabled by default, although only for those executables and dynamic link libraries specifically linked to be ASLR-enabled.[citation needed] This did not include Internet Explorer 7 on Windows Vista prior to Service Pack 1; ASLR and DEP are both disabled for application compatibility purposes. Newer versions, including Internet Explorer 8, enable these protections. A registry setting is available to forcibly enable or disable ASLR for all executables and libraries. The locations of the heap, stack, Process Environment Block, and Thread Environment Block are also randomized. A security whitepaper from Symantec noted that ASLR in 32-bit Windows Vista may not be as robust as expected, and Microsoft has acknowledged a weakness in its implementation.
It appears that only OpenBSD and some hardened Linuxes (not mainstream distributions) have a complete implementation.
Re: (Score:2, Informative)
The pwn2own article mentions the Win7/IE8 ASLR/DEP vulnerability that was patched before the final version of IE8 was released http://dvlabs.tippingpoint.com/blog/2009/03/27/pwn2own-ie8-exploit-foiled-is-the-browser-finally-secure [tippingpoint.com] . Evidently the hack still works if launched from an intranet.
Re: (Score:3, Informative)
"Microsoft perfected nearly three years ago"
OpenBSD has had this for many, many years. Microsoft used the OpenBSD code as a starting point for their own product. Love the BSD license!
Re:Oops (Score:4, Informative)
Praise for MS by kdawson.
There, fixed that for you.
Re: (Score:3, Informative)
OpenBSD has been using these techniques a lot longer than Microsoft has, so I suspect that there is not (yet) an issue of patents to be licensed.
Mod parent up (Score:4, Interesting)
Re: (Score:3, Insightful)
Maybe because the OpenBSD implementation is rock solid and really safe - but drags down the performance like a stone?
There are many neat features (usually security related) in OpenBSD. Sadly it's not as simple as "copying" the implementation when the OS of choice has a different aim than being the most secure one on the planet.
Don't get me wrong. I like OpenBSD for what it is. But I don't think that you can solve every (possible) security issue by simply following the OpenBSD solution because at the end you
Re: (Score:2)
Why doesn't Apple just adopt the OpenBSD mmap and just close this hole?
Apple already uses mmap in OS X. Apple has actually borrowed a lot of cool security features from BSD (like the trusted BSD MAC implementation). What people are complaining about is not that Apple doesn't have ASLR, but that they haven't done the work to apply it to the dynamic linker, which is admittedly a tricky thing to do.
Re:Microsoft technology? Really? (Score:4, Informative)
Linux's implementation of ASLR is substantially inferior to Windows Vista/7's, which was covered the FIRST time this guy won the pwn2own contest. However, it is far superior to OSX's, which appears to not really do anything useful, and which appears to have not even changed since it was discovered that OSX ASLR is useless. Please try to keep up, or don't comment. Thank you.
Re: (Score:2, Insightful)
Linux's implementation of ASLR is substantially inferior to Windows Vista/7
[citation needed]
Re: (Score:2)
To be fair, aside from
"Linux has enabled a weak form of ASLR by default since kernel version 2.6.12"
Very little information about the faults of the default ASLR seems to be readily available.
Although while hunting I did learn Linux has a software implementation of the NX bit if you don't have it in hardware, which is nice. Nothing on the details of why the Windows implementation is superior emerged.
It is odd for the kernel guys to accept something which isn't the superior design choice, they are perfectionists like that to an extent.
Re: (Score:2)
It is odd for the kernel guys to accept something which isn't the superior design choice, they are perfectionists like that to an extent.
Define "superior". This article [lwn.net] claims that the weakness of Linux ASLR keeps the system from becoming excessively slow.
Re: (Score:2)
Thanks for the article, I had a feeling it would have to do with entropy of the placements in memory, but couldn't find that off hand.
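The linked article and the replies above turn on how many bits of an address ASLR actually randomizes, and the Vista summary earlier in the thread makes the related point that only images built for ASLR get moved at all. The following is an added example, not code from the thread or from any of the systems discussed: it takes snapshots of a process's `/proc/<pid>/maps` from several runs, finds the address bits that changed for each mapped object, and reports that count as the observed entropy. The three snapshots, the `/usr/bin/demo` path and the libc file name are constructed samples, not captures from a real machine; the demo binary is written as a non-PIE image that stays at its link address, which is exactly the "not linked to be ASLR-enabled" case.

```python
"""Measure how many address bits ASLR actually randomizes, per mapped object,
from snapshots of /proc/<pid>/maps taken across separate runs of a program.
Added example (not from the thread); the snapshots are constructed, not captured."""
import re
from collections import defaultdict

# /proc/<pid>/maps line: start-end perms offset dev inode [pathname]
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+\S+\s+\S+\s+\d+\s*(.*)$")

# Constructed snapshots of one program across three runs. libc and the stack
# land somewhere new each time; the main binary is a non-PIE image, so the
# loader keeps it at its link address and ASLR cannot move it.
SAMPLE_RUNS = [
    """400000-401000 r-xp 00000000 08:01 5678 /usr/bin/demo
7f3a2c1e0000-7f3a2c3a0000 r-xp 00000000 08:01 1234 /lib/x86_64-linux-gnu/libc-2.27.so
7f3a2c3a5000-7f3a2c3a9000 rw-p 001c5000 08:01 1234 /lib/x86_64-linux-gnu/libc-2.27.so
7ffd4b2e0000-7ffd4b301000 rw-p 00000000 00:00 0 [stack]""",
    """400000-401000 r-xp 00000000 08:01 5678 /usr/bin/demo
7f9b11c40000-7f9b11e00000 r-xp 00000000 08:01 1234 /lib/x86_64-linux-gnu/libc-2.27.so
7f9b11e05000-7f9b11e09000 rw-p 001c5000 08:01 1234 /lib/x86_64-linux-gnu/libc-2.27.so
7ffe0c7a5000-7ffe0c7c6000 rw-p 00000000 00:00 0 [stack]""",
    """400000-401000 r-xp 00000000 08:01 5678 /usr/bin/demo
7fc805f73000-7fc806133000 r-xp 00000000 08:01 1234 /lib/x86_64-linux-gnu/libc-2.27.so
7fc806138000-7fc80613c000 rw-p 001c5000 08:01 1234 /lib/x86_64-linux-gnu/libc-2.27.so
7ffc9e3b1000-7ffc9e3d2000 rw-p 00000000 00:00 0 [stack]""",
]


def parse_maps(text):
    """Map each named object to the start of its lowest mapping in one snapshot."""
    bases = {}
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue
        start, _end, _perms, name = m.groups()
        name = name.strip()
        if name:  # skip anonymous mappings
            bases.setdefault(name, int(start, 16))  # maps is sorted ascending
    return bases


def randomized_mask(addresses):
    """Bitmask of address bits that took more than one value across observations."""
    mask = 0
    for a in addresses:
        mask |= a ^ addresses[0]
    return mask


def entropy_bits(addresses):
    """Observed randomized bits. With few samples this is a lower bound on what
    the OS randomizes; it converges to the true figure as runs are added."""
    return bin(randomized_mask(addresses)).count("1")


def aslr_report(snapshots):
    """{object name: observed randomized bits} over all snapshots."""
    observed = defaultdict(list)
    for snap in snapshots:
        for name, base in parse_maps(snap).items():
            observed[name].append(base)
    return {name: entropy_bits(addrs) for name, addrs in observed.items()}


def expected_blind_guesses(bits):
    """Mean number of attempts needed to hit one uniformly randomized base,
    i.e. how much brute force the observed entropy resists."""
    return 2 ** bits


if __name__ == "__main__":
    for name, bits in aslr_report(SAMPLE_RUNS).items():
        print(f"{name:40} {bits:2d} bits  (~{expected_blind_guesses(bits)} guesses)")
```

To measure a real system, run the program of interest several times, save each run's `/proc/<pid>/maps`, and pass the file contents as the list of snapshots; the more runs, the closer the count gets to the bits the kernel actually varies. A zero for a named object, as for the constructed non-PIE `demo` here, is the gap worth fixing first: every other protection can be undone by one mapping that never moves.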
Re:Microsoft technology? Really? (Score:4, Insightful)
To be fair, when debating, it's up to the person putting forth the argument to support it.
Re:Microsoft technology? Really? (Score:4, Insightful)
The arguments were covered more than exhaustively in the Slashdot discussion which resulted from Charlie Miller pwn2owning the MacBook in two minutes because it was "easiest" of the machines in the competition [computerworld.com] and I should not have to hold anyone's hand in this case. Asking me to explain something which has been so exhaustively covered here in the past is trolling or it is incompetence but it is nothing else. If someone makes a claim, I will generally make at least a cursory effort to find out if they are right [slashdot.org] because it is necessary to be informed in order to debate intelligently.
Of course, it doesn't hurt that TFA is about this very issue. I know this is Slashdot, but come on. I guess you could read this article [laconicsecurity.com], it pretty much sums up the argument.
Re: (Score:3, Insightful)
Don't bother looking up facts for yourself or forming your own counter-argument. Just offer us the glib "citation needed" and we'll take you seriously. Right...
Counter-argument to what? He was responding to a post that made sweeping statements but contained no supporting facts at all - hence "[citation needed]" was completely appropriate. That post was the equivalent of those TV commercials that say "4 out of 5 doctors say..." - okay, fine, then give us an honest-to-goodness citation or even a link so we can determine the statement's veracity for ourselves.
Re: (Score:3, Insightful)
Linux's implementation of ASLR is substantially inferior to Windows Vista/7's, which was covered the FIRST time this guy won the pwn2own contest.
This may be true (in fact my opinion is that most Linux desktop distros ship with only the ASLR in the generic kernel which last I heard was limited) but you still haven't provided any citation for this. You later claim it was somehow a solved question in another Slashdot thread, but don't link to that thread. Google doesn't seem to have much in the way of comparisons either, just a lot of articles on flaws in the Windows implementation and how people bypass it.
However, it is far superior to OSX's, which appears to not really do anything useful...
What's really funny is that Charlie Miller has
Re:Microsoft technology? Really? (Score:4, Interesting)
Shouldn't you be flattered that MS recognized how useful this was and incorporated it into their own OS? The whole point of open source is that anyone is free to adopt its innovations, after all.
And seriously, "M$"? Is anyone still using that in 2009?
10 LET M$ = "Microsoft" (Score:4, Insightful)
And seriously, "M$"? Is anyone still using that in 2009?
Microsoft's first product was a BASIC interpreter for the Altair computer. In the BASIC implementations common on Altair, Apple II, Commodore 64, and many other 8-bit home computers, names of string variables ended in $. For example:
I see the usage of "M$" in posts as analogous to "thank $deity", which alludes to the syntax for naming a variable in Bourne shell, Perl, or PHP. At least to me, it carries a connotation of "the world might have been a better place had Microsoft stuck to its BASIC compiler [microsoft.com] and not ventured into monopolizing operating system market."
Re: (Score:3, Informative)
Re:Let's not let facts get in our way (Score:4, Interesting)
a: compared to its Unix brethren, Windows still requires administrative privileges for a LOT of common things
b: Microsoft's reliance on proprietary protocols, many of which have a lot of known and probably even more unknown vulnerabilities.
c: security policy on Windows has about 0 coherency, making it really hard to properly secure Windows and really easy to accidentally miss something/screw something up. Windows security policies are all over the place: in the registry editor, in the Windows Security Center, in the user/computer policy app (which at least as of XP wasn't searchable, so if you were looking for something and you didn't know EXACTLY where to find it you end up having to look through every single freaking policy). What's worse is that Windows freely mixes client and server policies, even when the machine isn't a server! Most users get so frustrated that they just leave everything open.
I tried recently to secure a Windows XP box after coming from a background of Unix (including OS X) and Linux, and I just could not believe how insanely obfuscated Microsoft made everything. What is insanely simple to do in the Unix world takes massive effort to even attempt in the Windows world, if it will even work at all.
I swear Microsoft makes a lot of this stuff pointlessly complicated just so they can persuade more people to take the MCSE exams.
Re: (Score:2, Insightful)
I wouldn't equate Mac OS X as a 'Unix' for a comparison with Windows if I were you. The amount of stuff running setuid on a Mac is a little scary.
Re: (Score:3, Insightful)
I wouldn't equate Mac OS X as a 'Unix' for a comparison with Windows if I were you. The amount of stuff running setuid on a Mac is a little scary.
What's interesting is how in the same paper where Miller mentioned the ASLR in Leopard, he also praised Apple for getting rid of a lot of the setuid use.
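The two replies above disagree about how much setuid code a Mac still carries; the defender's answer is to enumerate it and compare against what you expect. Below is an added example, not code from the thread: a small audit that walks a tree, lists every regular file with a setuid or setgid bit, and reports the ones missing from an approved baseline. The tree it inspects is constructed in a temporary directory (the `bin/ping`, `bin/wall` and `bin/ls` entries are placeholders, not real system binaries), so it runs anywhere; point `find_setid` at `/` or `/usr` to audit a live system.

```python
"""Audit a directory tree for setuid/setgid executables and flag the ones
missing from an approved baseline. Added example (not from the thread); the
sample tree is constructed in a temporary directory so the script runs anywhere."""
import os
import stat
import tempfile


def find_setid(root):
    """Return sorted (relative path, octal mode, kind) for every regular file
    under root carrying a set-id bit; kind is setuid, setgid or setuid+setgid."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                st = os.lstat(path)  # do not follow symlinks
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            kinds = [k for bit, k in ((stat.S_ISUID, "setuid"), (stat.S_ISGID, "setgid"))
                     if st.st_mode & bit]
            if kinds:
                found.append((os.path.relpath(path, root),
                              oct(stat.S_IMODE(st.st_mode)), "+".join(kinds)))
    return sorted(found)


def unexpected(found, baseline):
    """Paths with a set-id bit that are not in the approved baseline set."""
    return [rel for rel, _mode, _kind in found if rel not in baseline]


def build_sample_tree():
    """Constructed tree (placeholder names): one setuid file, one setgid file,
    and one plain file. Not real system binaries."""
    root = tempfile.mkdtemp(prefix="setid-audit-")
    os.mkdir(os.path.join(root, "bin"))
    for rel, mode in (("bin/ping", 0o4755), ("bin/wall", 0o2755), ("bin/ls", 0o755)):
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\nexit 0\n")
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    report = find_setid(root)
    for rel, mode, kind in report:
        print(f"{mode} {kind:13} {rel}")
    # Only bin/ping is on the constructed allowlist, so bin/wall is flagged.
    print("unexpected:", unexpected(report, {"bin/ping"}))
```

The baseline is the part that makes this useful over time: snapshot the list from a freshly installed system, commit it, and run the audit after each update so that any new set-id binary, from the vendor or from a third-party installer, shows up as a diff rather than being discovered by accident.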
Re:Let's not let facts get in our way (Score:4, Interesting)
> compared to its Unix brethren, Windows still requires administrative privileges for a LOT of common things
I'd say this is the one part of Windows MS has been improving. Running as a limited user, runas, etc. in Vista (especially SP2) and 7 is light-years ahead of what it was in XP or 2000. Developers are pretty much being told to write software correctly or it just won't run in Vista/7. This is a sea change in how things are done in the Windows world, and even today a lot of users without legacy cruft to support run without much hassle from UAC. Eventually those old pieces of software causing these issues (let's write to c:\temp, why not?) will be retired in favor of compliant newer versions.
Re: (Score:2)
Having run Vista it really only prompts me for admin privileges doing things like:
Setting the clock
Installing software
Uninstalling software
Bringing up "Computer Management" - which allows me to partition disks, look at the system log, install/uninstall drivers.
I never get UAC prompts just running apps, unless Firefox or some other app wants to install an update, but I categorize that under installing software.
Guess what though - my Mac asks me for the admin password doing the same exact tasks. Granted it do
Re: (Score:3, Funny)
I see many more posts complaining about mac fans than I see posts by mac fans. Don't you guys have anything better to do than get emotional about a blob of hardware+software?