(allow process* sysctl* mach* network*)

The optimal solution is to instead use Kerberos authentication for everything. That way, tasks instead run using:
(allow file-read* (regex "^/(bin|dev|(private/)?(etc|tmp|var)|usr|System|Library)(/|$)"))
(allow file-read* file-write* (regex "^/(private/)?(tmp|var)(/|$)"))
(allow process* sysctl* mach* file-read* file-write* network*)
(allow file-read* file-write* (regex "^/all(/|$)"))
Hope this helps,
Best,
--
Ernie P.
Xgrid Product Manager
Apple, Inc.
Sometimes hackers try to hijack an application to run malicious code. Sandboxing helps ensure that applications do only what they’re intended to by restricting which files they can access, whether they can talk to the network, and whether they can be used to launch other applications. Helper applications in Leopard — including the software that enables Bonjour and the Spotlight indexer — are sandboxed to guard against attackers.
In the case of the new sandboxing facility in Leopard, mandatory access controls restrict access to system resources as determined by a special sandboxing profile that is provided for each sandboxed application. This means that even processes running as root can have extremely limited access to system resources.

...Sandboxing helps ensure that applications do only what they’re intended to do by placing controls on applications that restrict what files they can access, whether they can talk to the network, and whether they can be used to launch other applications. In Leopard, many of the system’s helper applications that normally communicate with the network—such as mDNSResponder (the software underlying Bonjour) and the Kerberos KDC—are sandboxed to guard them from abuse by attackers trying to access the system. In addition, other programs that routinely take untrusted input (for instance, arbitrary files or network connections) such as Xgrid and the Quick Look and Spotlight background daemons are sandboxed.

Sandboxing in Leopard is based on the system’s mandatory access controls mechanism, which is implemented at the kernel level. Sandboxing profiles are developed for each application that runs in a sandbox, describing precisely which resources are accessible to the application.
ernest$ man -k sandbox
ernest$ man sandbox
The sandbox facility allows applications to voluntarily restrict their
access to operating system resources. This safety mechanism is intended
to limit potential damage in the event that a vulnerability is exploited.
It is not a replacement for other operating system access controls.
New processes inherit the sandbox of their parent. Restrictions are generally
enforced upon acquisition of operating system resources only. For
example, if file system writes are restricted, an application will not be
able to open(2) a file for writing. However, if the application already
has a file descriptor opened for writing, it may use that file descriptor
regardless of restrictions.
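As an added example (not part of Ernie's message, and not Apple's sandbox-exec or kernel implementation), here is a small Python checker that parses the path-based allow rules quoted above and answers, under the default-deny model the man page describes, whether a given operation on a given path would be permitted. It understands only the subset of profile syntax the quoted rules use (an operation list plus an optional regex filter); the operation names (file-read-data, file-write-data, network-outbound) are illustrative Apple-style names, and the paths checked are constructed.

```python
import re

# Added example, not Apple's code: a tiny evaluator for the path-based `allow`
# rules quoted in the thread. It models the default-deny semantics described in
# sandbox(7): an operation is permitted only when some allow rule names it and,
# if the rule carries a regex, the path matches that regex.

# Constructed profile: the restrictive rules quoted in the message, joined together.
RESTRICTED_PROFILE = """
(allow process* sysctl* mach* network*)
(allow file-read* (regex "^/(bin|dev|(private/)?(etc|tmp|var)|usr|System|Library)(/|$)"))
(allow file-read* file-write* (regex "^/(private/)?(tmp|var)(/|$)"))
"""

# Constructed profile: the broad, unfiltered rule quoted for Kerberos-authenticated tasks.
PERMISSIVE_PROFILE = """
(allow process* sysctl* mach* file-read* file-write* network*)
"""

# One match per rule: the operation list, then an optional (regex "...") filter.
RULE_RE = re.compile(r'\(allow\s+([^()]+?)\s*(?:\(regex\s+"([^"]*)"\))?\s*\)')


def parse_profile(text):
    """Return a list of (operations, compiled_regex_or_None) tuples."""
    rules = []
    for m in RULE_RE.finditer(text):
        ops = m.group(1).split()
        pattern = re.compile(m.group(2)) if m.group(2) else None
        rules.append((ops, pattern))
    return rules


def op_matches(op_pattern, op):
    """'file-read*' covers 'file-read-data', 'file-read-metadata', ...;
    a name without a trailing '*' must match exactly."""
    if op_pattern.endswith("*"):
        return op.startswith(op_pattern[:-1])
    return op == op_pattern


def is_allowed(rules, op, path=None):
    """Default deny: True only if some allow rule covers op (and the path)."""
    for ops, pattern in rules:
        if not any(op_matches(p, op) for p in ops):
            continue
        if pattern is None:          # unfiltered allow, e.g. network*
            return True
        if path is not None and pattern.search(path):
            return True
    return False


def audit(profile_text, checks):
    """Evaluate (op, path) pairs against a profile; returns {(op, path): bool}."""
    rules = parse_profile(profile_text)
    return {(op, path): is_allowed(rules, op, path) for op, path in checks}


if __name__ == "__main__":
    checks = [
        ("file-read-data", "/usr/lib/libSystem.B.dylib"),
        ("file-write-data", "/usr/lib/libSystem.B.dylib"),
        ("file-write-data", "/private/tmp/job.out"),
        ("file-read-data", "/Users/ernest/Documents/notes.txt"),
        ("file-write-data", "/tmpfoo"),      # "/tmp" must be a whole path component
        ("network-outbound", None),
    ]
    for name, profile in (("restricted", RESTRICTED_PROFILE),
                          ("permissive", PERMISSIVE_PROFILE)):
        print(f"--- {name} ---")
        for (op, path), ok in audit(profile, checks).items():
            verdict = "allow" if ok else "deny"
            print(f"{verdict:5} {op:16} {path or ''}")
```

Running it shows the practical difference between the two profiles: under the restricted one a task can read system directories and write only beneath /tmp and /var (including their /private aliases), while the permissive one lets the same task write anywhere, which is why the message pairs it with Kerberos authentication rather than the anonymous nobody identity. The checker only models path regexes; the real kernel enforcement also covers Mach lookups, sysctl and network operations, and, as the man page notes, it is applied when a resource is acquired, so a descriptor opened before the sandbox was entered is not revoked.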