Linked by Thom Holwerda on Thu 5th Mar 2009 23:02 UTC
Privacy, Security, Encryption With the infamous PWN2OWN contest drawing ever closer, the heat is ramping up. This year's instalment pits Apple's Safari (on the Mac), Google's Chrome, Internet Explorer 8, and Firefox (all on Windows 7) against one another, while also allowing crackers to take on mobile platforms. Last year's winner, Charlie Miller, who won by cracking Mac OS X within minutes, says Safari on the Mac will be the first to fall.
Thread beginning with comment 351999
Vai777 Member since:
2005-09-02

Man, I don't want to be rude, but I'm no longer able to stand people like you who just google "OS X Address Space Randomization" and spit a link. I'm sure that you don't even know/understand what Address Space Randomization is.

This kind of comment can possibly wrongly inform readers like me who then assume, based on your comment, that OS X has Address Space Randomization.

Reply Parent Score: 1

cristoper Member since:
2009-02-15

Hi Vai777,

I understand your frustration, but I won't admit to being guilty of all of your charges. When I first read the article I remembered having read some time ago that some version of Darwin introduced address space randomization. I checked Wikipedia's version history to find when that was and posted the link.

And I wasn't completely wrong. Here is what Apple says about this feature in Mac OS X 10.5 (http://www.apple.com/macosx/features/300.html#security):

One of the most common security breaches occurs when a hacker’s code calls a known memory address to have a system function execute malicious code. Leopard frustrates this plan by relocating system libraries to one of several thousand possible randomly assigned addresses.

However, the Wikipedia article on ASLR, which is linked from the article I linked to and which I should have read, points out that the Leopard implementation is incomplete. This was discovered by a third party; specifically (http://www.matasano.com/log/981/a-roundup-of-leopard-security-featu...):

The dynamic linker library (dyld) is not randomized. From what I can tell, ten different Leopard Macs booted at ten different times will have the same offset to dyld.

And, also, while many library offsets are randomized, the heap and stack appear not to be (http://www.matasano.com/log/986/what-weve-since-learned-about-leopa...).

Reply Parent Score: 1
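The distinction the comment above draws (library offsets randomized, dyld and the heap and stack not) is exactly the kind of thing an administrator can measure rather than take on faith. The following probe is an added example written for this discussion; it is not code from Apple, Matasano or any commenter. It assumes a POSIX system (Linux or macOS) with a C compiler, and the file name aslr_probe and the --print flag are my own choices. One process can never see its own addresses change, so the program re-launches itself ten times, collects one address from each region (stack, heap, an anonymous mmap page as a stand-in for where shared libraries are mapped, the executable image, and a libc function), and reports which regions moved between runs and which stayed fixed. It says nothing about NX, which is a separate property.

```c
#define _DEFAULT_SOURCE
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON   /* older macOS SDKs only define MAP_ANON */
#endif

/* Bit flags naming the regions a snapshot records. */
enum { REGION_STACK = 1u << 0, REGION_HEAP = 1u << 1, REGION_MMAP = 1u << 2,
       REGION_IMAGE = 1u << 3, REGION_LIBC = 1u << 4 };

struct snapshot {
    uintptr_t stack; /* a local variable of take_snapshot() */
    uintptr_t heap;  /* a small malloc() block */
    uintptr_t mmap;  /* an anonymous mmap() page, the area libraries also land in */
    uintptr_t image; /* a function inside this executable */
    uintptr_t libc;  /* a function inside the C library */
};

static void probe_function(void) {}

/* Record one address from each region of the running process. */
struct snapshot take_snapshot(void) {
    struct snapshot s;
    int local = 0;
    void *h = malloc(64);
    void *m = mmap(NULL, 4096, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    s.stack = (uintptr_t)&local;
    s.heap  = (uintptr_t)h;
    s.mmap  = (m == MAP_FAILED) ? 0 : (uintptr_t)m;
    s.image = (uintptr_t)&probe_function;
    /* In a non-PIE build &puts may resolve to the PLT stub inside the executable
       rather than to libc itself; build with -fPIE -pie to measure the library. */
    s.libc  = (uintptr_t)&puts;
    if (m != MAP_FAILED) munmap(m, 4096);
    free(h);
    return s;
}

/* Format a snapshot as one line of name=0x... pairs; returns characters written. */
int format_snapshot(const struct snapshot *s, char *buf, size_t n) {
    return snprintf(buf, n, "stack=0x%" PRIxPTR " heap=0x%" PRIxPTR " mmap=0x%" PRIxPTR
                    " image=0x%" PRIxPTR " libc=0x%" PRIxPTR "\n",
                    s->stack, s->heap, s->mmap, s->image, s->libc);
}

/* Parse a line written by format_snapshot; returns 1 on success, 0 otherwise. */
int parse_snapshot(const char *line, struct snapshot *s) {
    return sscanf(line, "stack=0x%" SCNxPTR " heap=0x%" SCNxPTR " mmap=0x%" SCNxPTR
                  " image=0x%" SCNxPTR " libc=0x%" SCNxPTR,
                  &s->stack, &s->heap, &s->mmap, &s->image, &s->libc) == 5;
}

/* Bitmask of the regions whose address differs between two snapshots. */
unsigned differing_regions(const struct snapshot *a, const struct snapshot *b) {
    unsigned mask = 0;
    if (a->stack != b->stack) mask |= REGION_STACK;
    if (a->heap  != b->heap)  mask |= REGION_HEAP;
    if (a->mmap  != b->mmap)  mask |= REGION_MMAP;
    if (a->image != b->image) mask |= REGION_IMAGE;
    if (a->libc  != b->libc)  mask |= REGION_LIBC;
    return mask;
}

static const char *region_names[] = {"stack", "heap", "mmap", "image", "libc"};

int main(int argc, char **argv) {
    char cmd[512], line[256];
    struct snapshot first = {0}, cur;
    unsigned moved = 0;
    if (argc > 1 && strcmp(argv[1], "--print") == 0) {   /* child mode: one line */
        struct snapshot s = take_snapshot();
        format_snapshot(&s, line, sizeof line);
        fputs(line, stdout);
        return 0;
    }
    /* Each run is a fresh process, which is the only way to see new addresses.
       Invoke as ./aslr_probe so argv[0] is a path the shell can re-run. */
    snprintf(cmd, sizeof cmd, "\"%s\" --print", argv[0]);
    for (int i = 0; i < 10; i++) {
        FILE *p = popen(cmd, "r");
        int ok = p && fgets(line, sizeof line, p) && parse_snapshot(line, &cur);
        if (p) pclose(p);
        if (!ok) { fprintf(stderr, "run %d failed\n", i); return 1; }
        fputs(line, stdout);
        if (i == 0) first = cur;
        moved |= differing_regions(&first, &cur);
    }
    for (int r = 0; r < 5; r++)
        printf("%-6s %s\n", region_names[r], (moved & (1u << r)) ? "randomized" : "fixed across runs");
    return 0;
}
```

A region reported as "fixed across runs" after ten fresh processes is the condition the Matasano posts describe for dyld, the heap and the stack on Leopard; on a modern system with full ASLR and a PIE build every row should read "randomized". Ten samples is a cheap screen, not a proof: a region could in principle be randomized over a very small set of addresses and repeat by chance, so a hardening audit should also check the entropy (how many distinct values appear over many more runs), not only whether the value ever changes.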

erikharmon Member since:
2007-06-20

And, also, while many library offsets are randomized, the heap and stack appear not to be (http://www.matasano.com/log/986/what-weve-since-learned-about-leopa...).

I didn't think this was so bad at first because Wikipedia indicates that OS X supports the NX bit, but it appears they only do so on the stack and not the heap.

Reply Parent Score: 1