|
|
| 21-11-06 / 20:45 : Leopard : Mandatory Access Control (cjed) | At macgeneration, in a news about theoric vulnerability with automatic image mount feature in Safari (disabled by default), we learn that Apple is working on the well known Unix question of rights escalation. Their solution is to fix for applications the list of system operations they are allowed to execute in normal use :
"Leopard brings several new security enhancements to Mac OS X. The first of these is the adoption of the Mandatory Access Control (MAC) framework. This framework, original developed for TrustedBSD, provides a fine-grained security architecture for controlling the execution of processes at the kernel level. This enables sandboxing support in Leopard. By sandboxing an application, using a text profile, you can limit an application to being able to just access only the system features, such as disk or the network, that you permit." | | | Comments | | Write a comment | |
|
