Category Archives: sandbox

On the new Lion security things

Posted on 2011-07-26 by Graham

This post will take a high-level view of some of Lion’s new security features, and examine how they fit (or don’t) in the general UNIX security model and with that of other platforms. App sandboxing The really big news for … Continue reading →

Posted in Authentication, Authorization, Codesign, Mac, PCAS, sandbox | 4 Comments

On stopping service management abuse

Posted on 2010-07-26 by Graham

In chapter 2 of their book The Mac Hacker’s Handbook (is there only one Mac hacker?), Charlie Miller and Dino Dai Zovi note that an attacker playing with a sandboxed process could break out of the sandbox via launchd. The … Continue reading →

Posted in launchd, Mac, sandbox | Comments Off

Category Archives: sandbox

On the new Lion security things

On stopping service management abuse

OOP the Easy Way

APPropriate Behaviour

APPosite Concerns

FSF