Mac OS X Sandbox Security Hole Uncovered 155
Gunkerty Jeb writes "Researchers at Core Security Technologies have uncovered a security hole that could allow someone to circumvent the application sandbox restrictions of Mac OS X. The report of the vulnerability, which affects Mac OS X 10.7x, 10.6x and 10.5x, follows Apple's announcement earlier this month that all applications submitted to the Mac App store must implement sandboxing as of March 1, 2012. Sandboxing, Apple has argued, limits the resources applications can access and makes it more difficult for malware to compromise systems. Researchers at Core however revealed Nov. 10 that they had warned Apple in September about a vulnerability in their sandboxing approach. According to Core's advisory, several of the default predefined sandbox profiles fail to 'properly limit all the available mechanisms.' As a result, the sandboxing restrictions can be circumvented through the use of Apple events."
No, this is a very serious issue. (Score:3, Insightful)
Ever since JavaScript, iOS, and Android became widely hyped, we've heard a lot of fools screaming on about how sandboxing is somehow the solution to all of computing's ills. They claim it'll provide perfect security, and processes will be totally isolated from one another, and performance won't suffer, and a whole host of other claims that are utter bullshit.
This incident is so important just because it blows a hole in everything these sandbox-loving idiots are claiming. This is important because it's reality putting their silly theoretical beliefs in the spotlight, where everyone can see just how full of shit the "sandboxing is the answer!" crowd is.
Those of us who have pointed out that all sandboxes are imperfect, and are merely another tool in our toolbox, have been proven right once again. After all, we've been dealing with these sandboxing techniques since they were first implemented on mainframe systems, and then later in most commercial UNIX systems and the BSDs, and then by the JVM and .NET.
Sandboxing has its place. Like I said, it's one tool among many. But it's not the savior that so many have claimed it to be, especially as of late. I suppose that we shouldn't be surprised that these fools are so wrong. After all, many of these "programmers" only know JavaScript. Hell, some of them were born after 1990, a good 20 years after we realized what the problems were with sandboxing after it had been implemented on mainframes back in the 1960s and 1970s.
Re:Steam can't run in a sandbox so apple can lock (Score:3, Insightful)
I think some will be app-store only.
I would not be surprised if iMacs or entry-level Macs become app-store only.
It appears to me that's the direction Apple is going. If they continue to build non hand-held computers at all, that is. That doesn't seem to be their focus any more, sadly.
OSX = IOS (Score:4, Insightful)
Re:Steam can't run in a sandbox so apple can lock (Score:5, Insightful)
Steam can't run in a sandbox so apple can lock them out if they move to more of a app store only system.
...and the same is true of MS Office, Adobe CS, Parallels/VMWare etc. So maybe, just maybe, Apple isn't going to lock down OS X until people are no longer buying Macs to run those applications.
Sure they could decide to go this way - in which case I could feed a Linux or Windows disc in my Mac and give Apple up as a bad job. Personally, I'd be more worried as to whether MS is going to push UEFI secure boot onto every OEM, making it hard to buy any hardware that let you choose which OS to run.
OTOH the App Store could develop as somewhere that it was safe for a non-Admin account (Grandad, kids, mere employees) to install software from. The whole system wouldn't need to be locked down.
Re:Mac OS X 10.7x, 10.6x and 10.5x (Score:2, Insightful)
Why can't everything be run in its own sandbox? Isn't this where IT security is heading?
Because we've tried it that way many time before, and it's just not practical for getting real work done.
The typical process model offered by most OSes created within the past 30 years already provides most of the benefits of a sandbox. The processes are isolated, they can be denied access to certain resources, and they can abstract away the physical hardware. But then we find that we need to share data between applications in order to make software that's actually useful. That's why we have files, IPC, networking, and a whole bunch of other ways to intentionally break through process isolation.
Sandboxing works great when you're making shitty games that run on some Apple device. But the as soon as you want to do something practical, you need to get rid of these artificial limitations.
Re:Steam can't run in a sandbox so apple can lock (Score:2, Insightful)
Buddy, Apple does what it wants -- they are *famous* for doing "teh stupid"
Yup, if there's one thing Apple is famous for, it's their inept decision making. That's why they are doing so poorly and their products are so unpopular.
Re:Sandbox holes will then become a "feature". (Score:4, Insightful)
You're absolutely right. This is always the path taken with sandboxing. Once people realize that the sandbox is preventing them from getting real work done, the next hyped "feature" is usually some way to bypass the sandbox.
No they won't because "people" don't understand filesystems, that's a geek thing. That's why so many people have all their files on their desktop. Computing is finally tilting away from geeks and towards making norms comfortable. Don't worry, you'll always have Linux.
Re:Sandbox holes will then become a "feature". (Score:4, Insightful)
Just go look at some Windows users in the wild. The fact that they had to create an automatic desktop cleanup wizard for Windows speaks volumes. People who do this all say the same thing: it's convenient, they know where the files are and don't have to think about it. We are catagorizers, we think in trees and hierarchies, normal people just use stacks. As in: a stack of papers on my desk ("it's in here somewhere") and a stack of files on their desktop.
Part of this is solved by search, like Gmail does: don't sort your mail, just search it. Apple also does this with Spotlight, its system wide search. Another solution is to keep data tied to an app. Arguably Apple already does this with iTunes and iPhoto which are backed by folders but folders you never need to go into because you access your data through the apps. The data stays in the app where you "left it" until you explicitely export it in some way. This seems much more intuitive to normal people and works well with sandboxing. It's also abhorrent to geeks because they fear lock-in although personally I think it's difficult to imagine lock-in in an internet connected world where the first feature users ask of their software is easy sharing.
Re:Broken concept (Score:2, Insightful)
2. The concept itself is broken, a sandbox which *only* prevents network access is completely useless.
A sandbox doesn't have to be watertight to be useful, as the goal isn't just blocking malicious applications, but also inspecting and controlling legitimate applications. Games for example often do network access, even when not needed, a personal firewall or sandbox can prevent that. That the protection can be circumvented isn't an issue here, as that would mean breaking the law and most companies wouldn't go that far just to collect some user data.
Re:OSX = IOS (Score:2, Insightful)
Apple is clearly dominating the tablet space right now, but as soon as real operating systems with serious applications hit tablets
Those tablets have been available for well over a decade and they bombed in the marked because nobody wants those fragile pieces of tech. The solution to making a more powerful tablet is in improving iOS, not trying to cram a fragile maintenance heavy desktop OS on a tablet. The future in mainstream computing lies in computers that everybody can use and desktop computers ain't those machines and without radical changes they never will be, seeing how they barely have changed at all in the last decade.