OS X contains unpatched security flaws of a type that were fixed on alternative operating systems more than a decade ago, according to a security researcher credited with finding numerous bugs in Apple’s increasingly popular platform.
Ancient Flaws Leave OS X Vulnerable?
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
66 Comments
As they’re not taking much advantage of Mach anyway, how feasible would it be for Apple to throw out Darwin and completely switch to FreeBSD? Does their higher-level stuff use a lot of XNU specific interfaces? Is the driver interface very different?
-
2006-01-26 7:59 am
Lazarus
“Does their higher-level stuff use a lot of XNU specific interfaces? Is the driver interface very different?”
Yes. It’s all documented on their site, and yes, the driver frameworks are VERY different…
http://developer.apple.com/referencelibrary/
-
2006-01-26 8:08 am
Hakime
Actually they do a lot. Apple uses Mach for:
– preemptive multitasking, including kernel threads (POSIX threads on Mac OS X are implemented using kernel threads)
– memory protection
– virtual memory management
– inter-process communication
– interrupt management
– real-time support
– kernel debugging support
– console I/O.
As said, Mach provides the code for the VM (which has been more than a source of inspiration for the recent implementation of the new VM of FreeBSD 5.x, cf The Design and Implementation of the FreeBSD Operating System, by Marshall Kirk McKusick, George V. Neville-Neil), and provides the Mach-O binary format that gives support for fat binaries (Universal Binary).
Plus I think Mach is stable, very stable and it’s modular. Apple takes full advantage of that.
Edited 2006-01-26 08:10
Here is some information that I found in the Apple DEVELOPER DOCUMENTATION, not a marketing brochure, so anyone can say that it’s Apple “marketing blurb”.
This information is taken from the “Kernel Programming Guide”:
1) In the “Kernel Architecture Overview” section it says: “Above the Mach layer, the BSD layer provides “OS personality” APIs and services. The BSD layer is based on the BSD kernel, primarily FreeBSD. The BSD component provides
. file systems
. networking (except for the hardware device level)
. UNIX security model
. syscall support
. the BSD process model, including process IDs and signals
. FreeBSD kernel APIs
. many of the POSIX APIs
. kernel support for pthreads (POSIX threads)”
Look at the “BASED ON”….. This is what I said….
2) Section “BSD Overview”, the introduction says: “The BSD portion of the Mac OS X kernel is derived primarily from FreeBSD, a version of 4.4BSD that offers advanced networking, performance, security, and compatibility features”.
This is what I said…..
3) The “BSD Facilities” section says:
“The BSD component provides the following kernel facilities:
. processes and protection
    host and process identifiers
    process creation and termination
    user and group IDs
    process groups
. memory management
    text, data, stack, and dynamic shared libraries
    mapping pages
    page protection control
. POSIX synchronization primitives
. POSIX shared memory
. signals
    signal types
    signal handlers
    sending signals
. timing and statistics
    real time
    interval time
. descriptors
    files
    pipes
    sockets
. resource controls
    process priorities
    resource utilization and resource limits
    quotas
. system operation support
    bootstrap operations
    shut-down operations
    accounting
BSD system facilities (facilities that may interact with user space) include
. generic input/output operations such as read and write, nonblocking, and asynchronous operations
. file-system operations
. interprocess communication
. handling of terminals and other devices
. process control
. networking operations”
Is someone here stupid enough to argue against this technical document explaining the architecture of the OS X kernel environment?
Hein rayiner?
http://developer.apple.com/documentation/Darwin/Conceptual/KernelPr…
-
2006-01-26 6:18 pm
rayiner
How do you know they are talking about the kernel, and not the libc? The libc provides the interface to all these things, and probably comes from FreeBSD.
That’s the most likely thing I can say, because the things you listed just make no sense. For example, you yourself said BSD doesn’t handle memory management (Mach does), but it’s there in that list. It also says the BSD layer (presumably FreeBSD code) handles networking operations, but if you actually read the damn code, you can see that sys/netinet is significantly different between the two implementations (with FreeBSD’s being more complex and seemingly more recent).
Again, read the code, not literature meant for application programmers. The code cannot mislead you!
Neil Archibald is talking about “expecting” to find ancient flaws and “expects” that when OSX becomes more popular, security-advisors will investigate OSX more and more and they will find a lot of “easy exploits”. Is this just in his head, or did he actually do an audit on OSX, where he can prove the things he is saying? Until then, I think Neil should focus on what matters, instead of throwing mud in people’s faces.
Archibald said his opinion is justified because Apple does not use software auditing tools to scan enough of its software. These types of tools have been heavily employed by Microsoft since the company launched its Trustworthy Computing initiative
While we trust some of these auditing tools are worth a part of their price, but the argument that see, MS has used these isn’t worth a grain of sand. It would, if MS would produce the world’s safest and most secure OS and applications. Also, unless he is a coder guru at Apple which I hardly think, why does he make statements about Apple’s coding and auditing practices? And also, who says using those (or his) auditing tools is _the_ way of producing quality software?
The argument about the market share is significantly lower was something which I already was calling BS on some years ago and I also am today. Having higher market share can be _no_ excuse for producing crappy products. And will never be.
About: Apple has been very slow to respond to reported security vulnerabilities. Slow compared to whom? To MS? To RH? To generally large linux-based projects? To cheese?
applications and libraries is relatively under-audited, which leaves a lot of low hanging bugs
😀 Ok, now you can write an article which says the same words about every and each relatively under-audited software on this planet.
Edited 2006-01-26 10:18
Try getting a job at Apple Engineering and showing them how much better your vision for a kernel is and make sure that it maps seamlessly with ObjC.
I truly expect 10.5 to be the first version that silences a lot of critics, especially with OS X Server.
-
2006-01-26 11:18 am
-
2006-01-26 12:32 pm
Get a Life
Let’s make it easier: What desktop operating systems are incompatible with Objective-C. Hint: This is the part where David Stes jumps out of the bushes and eats your face.
-
2006-01-26 9:17 pm
suryad
Anandtech’s analysis on the differences in performance between Linux and OS X was quite eye opening. OS X is great but its performance is not good IMHO. I truly hope you are right.
I don’t see why to use MacOS X x86 when
– There is FreeBSD which runs also on x86
– It is 100% free (as beer and as freedom)
– With FreeBSD you get fast security updates (many experienced people seeing the code) and even you can correct all the bugs because you have the source code.
– KDE 4 will have almost the same sexy features as MacOS X and Vista
– You can use FreeBSD with any PC made by any company
-
2006-01-26 4:47 pm
AdamR01
“I don’t see why to use MacOS X x86 when…”
I think you answered your own question.
“KDE 4 will have almost the same sexy features as MacOS X and Vista”
Key part of the answer being almost as in “almost only counts in horseshoes and hand grenades”.
-
2006-01-26 5:59 pm
kadymae
Quoth the visconde: I don’t see why to use MacOS X x86 when
– There is FreeBSD which runs also on x86
– It is 100% free (as beer and as freedom)
– With FreeBSD you get fast security updates (many experienced people seeing the code) and even you can correct all the bugs because you have the source code.
– KDE 4 will have almost the same sexy features as MacOS X and Vista
– You can use FreeBSD with any PC made by any company
I fail to see the following in your list:
1) It. Just. Works.
2) No need to use the (blorf!) CLI to get tasks done
3) Has all the same sexy features of OS X
4) Runs Photoshop, Corel Draw, Canvas
5) Runs Final Cut Pro/Express/iPhoto/iMovie
6) Runs common, easy to use, audio editing software
7) Runs Flash, Quick Time, Windows Media
I mean, don’t get me wrong, I’m not an OSS hater (I use and like Ubuntu Linux), but all of the above is why there’s an iMac replacing my husband’s ancient PC. Because no way can my DH deal with the command line (he *just* discovered right click) and I can’t provide the kind of tech support he’d need to do Linux.
-
2006-01-26 7:31 pm
someone
I would be very happy if KDE 4 manages to fix its most jarring usability bugs… Having good functionality is never a problem for KDE, the problem lies in how to make everything usable.
Perhaps you should tell Apple to update their Darwin FAQ @ http://developer.apple.com/darwin/projects/darwin/faq.html
Q. Where does Darwin fit into the BSD family?
A. The purpose of Darwin is to provide the core system software for Mac OS X. It is not designed to be an alternative to other excellent BSD options such as FreeBSD, NetBSD, and OpenBSD. Darwin is simply BSD tweaked in ways we think will help Apple deliver the next great version of the Mac OS. We should note, however, that apart from a few architectural differences (such as our use of the Mach kernel), we try to keep Darwin as compatible as possible with FreeBSD (our BSD reference platform).
KDE 4 will have almost the same sexy features as MacOS X and Vista
Tell me, which one?
KDE 4 will be very different from Mac OS X. One likes KDE more and the other likes Mac OS X more. It’s their choice. And yours.
Edited 2006-01-26 17:27
-
2006-01-26 5:47 pm
visconde_de_sabugosa
Tell me, which one?
KDE 4 to get Dashboard widget support
http://arstechnica.com/news.ars/post/20060102-5881.html
Previewing KDE 4
http://www.linuxdevcenter.com/lpt/a/6407
KDE4 mockups
http://vladoboss.softver.org.mk/mg2/index.php?list=5
The truth is that there will be fewer significant differences between Linux/*BSD and MacOS X and Vista.
Apple is for people that give more value to cosmetic features than freedom of choice.
-
2006-01-26 7:40 pm
someone
Actually, that is not the case… Many OS X users are not very impressed by the latest user visible features in Tiger (ie. Dashboard and to an extent, Spotlight as well. This is seen from the # of dashboard disablers that have popped up). The underlying changes, such as Core Image, Core Audio, Core Data and older technologies such as Applescript are more important.
Also, note that Plasma is *very different* from Dashboard. It rethinks the way Desktop works while Dashboard is just an extension of the traditional concept of Desktop.
-
2006-01-26 5:49 pm
ThawkTH
I’m not sure we can make such a judgement yet. KDE4 is likely to (if the aspirations come to pass) be EXTREMELY different from previous KDE’s – in usability, interface, and interaction with the user.
While I’m sure it will maintain SOME resemblance to previous versions, I think we’ll be surprised just how big a leap 4 will be.
Who knows? People that love KDE now may HATE 4, and those who love OSX may just be shocked and switch to KDE…
But I wholeheartedly agree with you
Some will love one, others will love the others, some will love both, some will hate both…
Yay for CHOICE!
-
2006-01-26 7:46 pm
someone
Personally, I’d rather be more conservative. Let’s be realistic: radical changes are rarely acceptable to existing users. Many existing users would be put off if KDE 4 suddenly changed all UI elements and rearranged all of the preference… Expect it to be more of an evolution rather than a revolution.
How in the hell did this become a KDE topic? Holy crap, you people are ready to argue about user interfaces any time, anywhere aren’t you?
P.S. GNOME rox
since the FreeBSD components don’t make up any core kernel components.
Which has been shown to be false, by several posts on here.
A lot of the BSD components run in kernel-space (syscalls, I/O, TCP/IP, etc). Or do you not consider those to be “core kernel components”?
Read all the comments in this thread. How can you not consider the BSD bits to be integral to the Darwin/MacOS X kernel?
Is Apple lying to the world? Are their tech docs wrong? Are the people who work on the kernel all suffering from the same mass delusion?
-
2006-01-26 6:25 pm
rayiner
Jesus, try to understand. I didn’t say BSD components didn’t make up core kernel code. I said FreeBSD components didn’t. Much of the BSD code in Darwin doesn’t come from FreeBSD. Apple inherited much of it from NeXT, which got it from 4.4BSD-Lite2. When they updated stuff to FreeBSD, they did the parts that were the easiest: filesystems, userland, etc.
Just think about it. FreeBSD 5.x uses fine-grained locking. Importing core subsystems from FBSD 5.x would be very difficult, because you’d have to rip out all that locking code that uses locking subsystems that OS X doesn’t have. If you actually read the XNU source code, you don’t see a trace of FreeBSD 5.x’s locking subsystem. Either Apple did an excellent job ripping out all that locking, which would be pointless since they’re trying to make the locking more fine-grained in Tiger and Leopard, or they didn’t use FreeBSD code for core components!
-
2006-01-27 12:59 am
Get a Life
That’s a bit of a non sequitur. The FreeBSD code in XNU is mostly from ~2001. FreeBSD’s locking code was anything but fine-grained in 2001. Indeed, you can look at revisions of FreeBSD code from 2001 and compare it with newer versions of XNU (since the older ones are even more NeXT-encumbered; just take a look at the first public release!) and you’ll see that the XNU version is derivative. There are other cases where locking procedure in XNU and FreeBSD code corresponds but differs in the naming of elements of structures.
So here we have an interesting thing
1) A security expert, who works on finding exploits, finds and reports many exploits in a short space of time. From this he concludes that Apple’s security is poor. I fail to see how this deduction can be logically challenged.
Immediately people who wouldn’t know logic if it smacked them in the face decide to launch ad hominem attacks. The article must be crap, because he also writes tools to help companies write more secure code. The thinking seems to be: we shall not let minor details like “facts” bother us, we have shown that the author is not a 100% disinterested observer, therefore his argument must be wrong.
Other people choose to attack his assertion that Apple don’t use code analysis tools unlike Microsoft who do. Microsoft’s use of static code analysis programs developed by MS Research is well documented, these can locate potential bugs in programs quite nicely. Apple clearly cannot use them, because if they did they’d already know about many of the vulnerabilities reported and would (you’d hope!) have fixed them given their seriousness.
Nonetheless, apparently making more logical deductions from the evidence available and some simple axioms (like “Apple fix security bugs they know about”), is frowned upon here.
2) Rayiner, who has actually read the code and knows what the hell he is talking about, tells it like it is, and people who clearly know crap all about operating systems (since when do syscalls run in userspace? isn’t that impossible by definition?) throw random bits of marketing fluff around as a “rebuttal”.
Ye gods.
-
2006-01-26 8:56 pm
-
2006-01-27 1:21 am
mikehearn
Oh, one thing I forgot to mention originally, fat binaries are IIRC not a feature of Mach-O specifically, rather they’re a feature of the bundles system. You could easily implement fat binaries with ELF or PE, and in fact the ROX Desktop guys have done exactly that. I’m not entirely sure why they use Mach-O, it’s not very good, but I suspect it’s one of those bits that got pulled across in the NeXT code import and never got cleaned up.
“You’re dodging. I don’t doubt that the FreeBSD components in OS X are from FreeBSD 5.x. I never said otherwise. What I said is that “Darwin is not based on FreeBSD”, since the FreeBSD components don’t make up any core kernel components.”
Apple developer doc is saying “The BSD layer is based on the BSD kernel, primarily FreeBSD”. Obviously this doc is written by people who wrote the code of Darwin, so are you saying that people that wrote the code of Darwin are wrong? Do you argue against them? I don’t think so, you are just crazy because you can admit that you are WRONG. Just admit, you just appear more and more foolish….
“How do you know they are talking about the kernel, and not the libc? The libc provides the interface to all these things, and probably comes from FreeBSD.”
The doc is called “Kernel Programming Guide”, so we are in the kernel. And anyway if you say that you read the source code you should know that the BSD portion of xnu is implemented in the same space as MACH, the kernel space. So BSD is in the kernel….
“That’s the most likely thing I can say, because the things you listed just make no sense. For example, you yourself said BSD doesn’t handle memory management (Mach does), but it’s there in that list. It also says the BSD layer (presumably FreeBSD code) handles networking operations, but if you actually read the damn code, you can see that sys/netinet is significantly different between the two implementations (with FreeBSD’s being more complex and seemingly more recent)”
You don’t understand, saying “based on” does not mean that the source code should be the same, God damn, it’s based on FreeBSD 5.x not IS FreeBSD 5.x. Just read what I am writing.
“Just think about it. FreeBSD 5.x uses fine-grained locking. Importing core subsystems from FBSD 5.x would be very difficult, because you’d have to rip out all that locking code that uses locking subsystems that OS X doesn’t have. If you actually read the XNU source code, you don’t see a trace of FreeBSD 5.x’s locking subsystem. Either Apple did an excellent job ripping out all that locking, which would be pointless since they’re trying to make the locking more fine-grained in Tiger and Leopard, or they didn’t use FreeBSD code for core components!”
The thing that you miss is that the implementation of the fine grained locking came to FreeBSD 5.x around the same time it was implemented in Darwin and if you look properly at the source code you see that the XNU code is derivative of FreeBSD (or the other way), and some functions are similar in their structure, only the naming is different. As Apple had only to bring fine grained locking to the BSD portions of XNU (not MACH which was already thread safe) they have to deal with multithreading the network and the file system (those two components have been protected by the funnels prior to Tiger) code as the FreeBSD group has to do too and you really can see in the code that the two works have been very close.
You say that you read the code, but I know it better than you…. just stop to say read the code. I tell it to you again, you are not the only one here that understands code.
“Jesus, try to understand. I didn’t say BSD components didn’t make up core kernel code. I said FreeBSD components didn’t. Much of the BSD code in Darwin doesn’t come from FreeBSD. Apple inherited much of it from NeXT, which got it from 4.4BSD-Lite2. When they updated stuff to FreeBSD, they did the parts that were the easiest: filesystems, userland, etc.”
I am not saying that OSX does not find its roots in 4.4BSD, it does, but since Apple has introduced OS X, they largely changed the BSD code base to be migrated to FreeBSD. Are you still saying that FreeBSD has nothing to do with XNU?
Well if I go, let’s say, to xnu/bsd/netinet6/ and if I open, say, the source file named “ipsec.c” I find in the beginning of the source file the following:
“/*$FreeBSD: src/sys/netinet6/ipsec.c,v 1.3.2.7 2001/07/19 06:37:23 kris Exp $ */
/*$KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $*/
”
Which is a clear reference to FreeBSD and to the Kame project.
If you open “ip_mroute.c” in the same directory you will find a reference to FreeBSD too,
$FreeBSD: src/sys/netinet/ip_mroute.c,v 1.56.2.2 2001/07/19 06:37:26 kris Exp $
If you open xnu/bsd/netinet/ip_flow.c you will see again the reference to FreeBSD;
$FreeBSD: src/sys/netinet/ip_flow.c,v 1.9.2.1 2001/08/08 08:20:35 ru Exp $
If you open xnu/bsd/vfs_cache.c you will read
“This code is derived from software contributed to Berkeley by
* Poul-Henning Kamp of the FreeBSD Project.”
If you open xnu/bsd/crypto/bf_enc.c you will find
/* $FreeBSD: src/sys/crypto/blowfish/bf_enc.c,v 1.1.2.3 2002/03/26 10:12:23 ume Exp $ */
/* $KAME: bf_enc.c,v 1.7 2002/02/27 01:33:59 itojun Exp $ */
If you open xnu/bsd/kern/kern_ktrace.c you will find
$FreeBSD: src/sys/kern/kern_ktrace.c,v 1.35.2.4 2001/03/05 13:09:01 obrien Exp $
If you open xnu/bsd/net/route.c you will find
@(#)route.c 8.2 (Berkeley) 11/15/93
* $FreeBSD: src/sys/net/route.c,v 1.59.2.3 2001/07/29 19:18:02 ume Exp $
If you open xnu/bsd/sys/event.h you will find
$FreeBSD: src/sys/sys/event.h,v 1.5.2.5 2001/12/14 19:21:22 jlemon Exp $.
And many other source files that refer to FreeBSD. Compare those source files to the ones of FreeBSD and you see that they are very close. So now are you still arguing against me, if you have ever read the code as you say, you should have seen that in the code.
Just admit that you are wrong, you are not going to die because of that.
Edited 2006-01-27 07:56
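An added example, not part of the original post and not Apple's or FreeBSD's code: the CVS ident strings quoted in the post above can be parsed to record which upstream file, revision and commit date each imported file was frozen at, which is the starting point for checking whether later upstream security fixes are missing from the import. The sample lines are copied from the post; the function names and the 2001-08-01 cutoff are assumptions made for the illustration.

```python
"""Inventory CVS ident keywords ($FreeBSD: ...$, $KAME: ...$) found in source headers."""
import os
import re
from collections import Counter
from datetime import datetime

# Expanded CVS keyword: $Origin: path,v revision YYYY/MM/DD HH:MM:SS author state $
IDENT_RE = re.compile(
    r"\$(?P<origin>[A-Za-z][A-Za-z0-9]*):\s+"
    r"(?P<path>\S+),v\s+"
    r"(?P<rev>\d+(?:\.\d+)+)\s+"
    r"(?P<date>\d{4}/\d{2}/\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<author>\S+)\s+(?P<state>\S+)\s*\$"
)

# Header lines as quoted in the post (the SCCS "@(#)" line is not a CVS keyword
# and is deliberately left in to show that it is ignored).
SAMPLE_HEADERS = """\
/*$FreeBSD: src/sys/netinet6/ipsec.c,v 1.3.2.7 2001/07/19 06:37:23 kris Exp $ */
/*$KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $*/
$FreeBSD: src/sys/netinet/ip_mroute.c,v 1.56.2.2 2001/07/19 06:37:26 kris Exp $
$FreeBSD: src/sys/netinet/ip_flow.c,v 1.9.2.1 2001/08/08 08:20:35 ru Exp $
/* $FreeBSD: src/sys/crypto/blowfish/bf_enc.c,v 1.1.2.3 2002/03/26 10:12:23 ume Exp $ */
/* $KAME: bf_enc.c,v 1.7 2002/02/27 01:33:59 itojun Exp $ */
$FreeBSD: src/sys/kern/kern_ktrace.c,v 1.35.2.4 2001/03/05 13:09:01 obrien Exp $
@(#)route.c 8.2 (Berkeley) 11/15/93
* $FreeBSD: src/sys/net/route.c,v 1.59.2.3 2001/07/29 19:18:02 ume Exp $
$FreeBSD: src/sys/sys/event.h,v 1.5.2.5 2001/12/14 19:21:22 jlemon Exp $.
"""


def parse_idents(text):
    """Return one record per expanded CVS keyword found in text."""
    records = []
    for m in IDENT_RE.finditer(text):
        rev = m.group("rev")
        stamp = m.group("date") + " " + m.group("time")
        records.append({
            "origin": m.group("origin"),
            "upstream_path": m.group("path"),
            "revision": rev,
            # Trunk revisions have two components (1.103); anything longer
            # (1.3.2.7) was committed on a branch of the upstream repository.
            "on_branch": rev.count(".") > 1,
            "committed": datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S"),
            "author": m.group("author"),
        })
    return records


def scan_tree(root, head_bytes=4096):
    """Map each .c/.h file under root to the ident records in its header."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith((".c", ".h")):
                continue
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                head = fh.read(head_bytes).decode("latin-1")
            recs = parse_idents(head)
            if recs:
                found[os.path.relpath(full, root)] = recs
    return found


def summarize(records):
    """Count records per origin and report the oldest and newest import dates."""
    if not records:
        return {"by_origin": {}, "oldest": None, "newest": None}
    dates = [r["committed"] for r in records]
    return {
        "by_origin": dict(Counter(r["origin"] for r in records)),
        "oldest": min(dates),
        "newest": max(dates),
    }


def imported_before(records, cutoff):
    """Records frozen at an upstream revision older than cutoff, oldest first."""
    old = [r for r in records if r["committed"] < cutoff]
    return sorted(old, key=lambda r: r["committed"])


if __name__ == "__main__":
    recs = parse_idents(SAMPLE_HEADERS)
    print(summarize(recs))
    for r in imported_before(recs, datetime(2001, 8, 1)):  # cutoff is an assumption
        kind = "branch" if r["on_branch"] else "trunk"
        print(f'{r["committed"]:%Y-%m-%d}  {r["origin"]:8} {r["revision"]:10} '
              f'{kind:6} {r["upstream_path"]}')
```

Each record names the exact upstream revision to start from when reading the upstream file's later history for fixes the import does not contain.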
-
2006-01-27 6:16 pm
rayiner
Congratulations, you know how to use fgrep! Why don’t you take it to the next step and figure out what those CVS reference strings imply about the nature of each subsystem? You pointed out a whole bunch of examples of Apple using bits of FreeBSD code. This is something I did not argue with. Your examples don’t, however, show Apple “basing” Darwin on FreeBSD, which would require much more than a few references here and there. Again, you’re not trying to prove that Darwin uses FreeBSD code (I’ve said as much!), you’re trying to prove that Darwin is based on FreeBSD.
1) Yes, INET6 is from the KAME project. Since KAME is used in FreeBSD, and I’m sure the FreeBSD folks have made modifications to it that Apple has picked up. I’ve already said as much.
2) It’s interesting you mention ip_flow.c. It doesn’t even exist any more in FreeBSD. Indeed, many of the FreeBSD files in netinet don’t exist any more in FreeBSD. It’s clear there was a merge with FreeBSD networking code in netinet at some point, but it’s also clear that it’s not from any current release of FreeBSD.
3) vfs_cache is the only file in VFS with FreeBSD references. All the other ones are copyright Berkeley 94-95. Some bits (vfs_journal.c) seem to be from Apple. Clearly, this is 4.4BSD code with some Apple additions and one file swapped from FreeBSD.
4) If you actually read the tag history on those files, you’ll see that they got it from the KAME project. Whether you consider KAME code to be FreeBSD code is a separate issue. Since KAME bills itself as a inet6 stack for BSDs in general, not FreeBSD specifically, I find that argument to be quite a stretch.
5) kern_ktrace.c and kern_kevent.c (kernel tracing and the kqueue mechanism) seem to be from FreeBSD. So does kern_mib.c and kern_newsysctl.c, and the sockets files. So out of all the things the core kernel does, we’ve established that ktrace(), kqueue, some sysctl stuff, and sockets are from FreeBSD. The rest of the files (which make up the bulk of the code and the core features like the kernel memory allocator) appear to be 4.4BSD and NeXT code.
6) Of course event.h is from FreeBSD. event.h is the kqueue mechanism. I already mentioned it in my earlier post as being one of the things from FreeBSD.
So far, what you’ve proven is that:
a) The networking subsystem contains significant code from FreeBSD (although it’s not clear that it’s all from 5.x). I was in error in saying that the networking code was not from FreeBSD, I was actually going by Apple’s Developer Documentation in that case. They say the network stack is based on the original BSD code.
b) FreeBSD and Darwin both use KAME code, which I already said before.
c) Apple has imported a few scattered files here and there from FreeBSD, which is a point I never argued. However, I already said “using some FreeBSD code” is completely different than “basing Darwin on FreeBSD”.
Is this argument about the definition of “basing”? To me, “basing” means they started with FreeBSD, and built on top of it. I think my definition is correct, because it captures true statements like “Solaris is based on SVR4”, while rejecting untrue ones “FreeBSD is based on OpenBSD”. If you consider importing some code here and there to constitute “basing”, you can quite happily argue the latter, even though it’s a ridiculous statement.
Or are you arguing that Apple really did start with FreeBSD as the basis for Darwin? In your study of the code, did you realize that Darwin and FreeBSD use completely different:
1) Kernel support components (kernel malloc, locking, etc);
2) Virtual file system layers;
3) Virtual memory managers;
4) Device driver models;
5) System call handlers (with the exception of kevent/sysctl as mentioned earlier);
6) Hardware abstraction layers.
These are the guts of the kernel, and in these regards the two OSs differ greatly.
-
2006-01-28 6:57 am
Hakime
Ok so now you know how to read some code, take it a little bit further and try to understand it and how Apple uses FreeBSD.
You don’t read what I wrote... I wrote that the Unix services in xnu are mainly based on FreeBSD in the last version of osx. I never said that Apple starts to build Darwin on top of FreeBSD, never. I said that their Unix environment in the kernel space is based on FreeBSD. You can simply not argue against that because the source code, the Apple developer doc, the recent statement of Jordan Hubbard (Engineering Manager, BSD Technology Group) says the same thing.
“Based on” does not imply everything, My understanding of “based on” is that Apple based component of Darwin code on several work or source code available on FreeBSD. That is what it does mean.
I am telling you again, I never said that Darwin is FreeBSD, that’s not my statement, I am saying that many portions of Darwin, and you admit it now about the network code that it does use significant code from FreeBSD, uses FreeBSD code in a way or another.
You accuse me for saying things that I did not. I never said for example that the Device Driver model or the Hardware abstraction layer are inherited from FreeBSD, never, that’s pure Apple code or wherever else. I don’t say that the locking code in mach is from FreeBSD, either.
What I say is that the Virtual file system, or the VM has some code that can be tracked to FreeBSD, I am saying that the fine-grained locking in the BSD portion of the kernel (mainly for networking and the file system) has code that obviously looks like the FreeBSD fine-grained locking. The BSD portion of xnu did not have fine grained locking prior to Tiger, and the implementation in Tiger looks very similar to the FreeBSD one…
It’s too bad that Apple hadn’t scrapped “Darwin” before releasing Mac OS X and just built on top of FreeBSD or NetBSD. This could have greatly benefited all parties involved.
Apple could get free security and functionality updates (thanks to the FreeBSD/NetBSD communities) and FreeBSD/NetBSD could benefit from any changes that Apple makes (assuming they decide to be neighborly and contribute back those changes).
FreeBSD and NetBSD would be excellent choices due to their robust architecture and stable API/ABI policies for both kernel modules and user-land software. They also provide full backwards compatibility back to at least FreeBSD 4.x
“It’s too bad that Apple hadn’t scrapped “Darwin” before releasing Mac OS X and just built on top of FreeBSD or NetBSD”
Eh? At the time, neither FreeBSD or NetBSD had kernel threading, whereas Mach did. Also at the time, the only BSD that supported SMP machines was FreeBSD, and it was under a single kernel lock; meaning not very scalable.
Add to this that many features of Mac OS X rely on Mach features (Mach messages for IPC, Mach-O binary format allowing for FAT binaries and probably countless other things I can’t even remember ATM) that it would be a very expensive and painful move for them, and in the end, with little real benefit.
If it ain’t broke, don’t fix it (admittedly not the best thing for me to say in a post attached to an article regarding the apparent lack of QC in Mac OS X, but you get the idea).
But Darwin was using a single kernel lock until recently as well.
I think it would have been less work to port Mach features into FreeBSD than to update Darwin to modern standards (which has been an expensive and painful process).
“But Darwin was using a single kernel lock until recently as well.”
No it wasn’t. It was using two. That’s MUCH more scalable than just one 😛
Ah humor…
Hint #1- author says OSX is vulnerable because apple has not used commercial code analysis programs.
Hint #2 – author WORKS for such a company selling such code analysis warez.
Duh… funny how much crap like this is just (not) cleverly disguised advertising dollars.
Hell, I wouldn’t be surprised if this ZDNET was PAID TO run this article.
Hint #1- author says OSX is vulnerable because apple has not used commercial code analysis programs.
Where does it say commercial? It doesn’t. You’re slightly stretching so it fits your argument.
Hint #2 – author WORKS for such a company selling such code analysis warez.
Does it say this in the article? I didn’t see it. Maybe since the guy works for a company that does security auditing, it means he has a good understanding of security holes. It’s his profession.
So..you’re saying either
#1 he’s lying out of his ass, putting his reputation and the reputation of the security company he works for on the line, in exchange for publicity
or
#2 his motives aren’t 100% foolproof, but he’s right nonetheless, and Apple is full of security holes, that hackers just haven’t discovered yet or don’t bother with because exploits for a minority platform aren’t interesting.
Hint #1- author says OSX is vulnerable because apple has not used commercial code analysis programs.
Hint #2 – author WORKS for such a company selling such code analysis warez.
Thanks man, that says it all right there. I should start reading the comments first to see if an article is even worth opening. Can you say conflict of interest?
Edited 2006-01-26 15:00
Duh… funny how much crap like this is just (not) cleverly disguised advertising dollars.
It doesn’t say “commercial” anywhere. And, even if it did, how does this obviate the point of the article? If these flaws have been around for a decade — but fixed on alternate platforms — something is obviously wrong with Apple’s engineering practices…
Where someone points out that most home users already use administrator accounts for everything on Windows, making local root exploits a vehicle for damage parity rather than superiority. Then comes a fight to the death over the quantity of potential remote exploits. Yadda yadda. And then everyone goes away satisfied.
Milo,
On the face of it I’d like to agree with you, the author has an ulterior motive — OR he works for a security company and is an Apple FAN.
I’d like to help FileMaker debug their JDBC driver, but, If the lovable block heads don’t want to hear about bugs then you can’t get no-where.
I don’t get it … how does the guy know how Apple develops its core software? Is he a software engineer for Apple? Is he a security guy for them? If not, I don’t think he’s qualified to say one way or the other how they develop their software.
OS X is basically a very elegant mish-mash of various open-source software, mingled with their own proprietary stuff. If the many-eyes theory of open-source evangelism is true, the open-source stuff should be relatively safe already. Of the remaining proprietary portions, there are only a few that are security-sensitive to the OS as a whole.
That’s why Apple has a bit of a benefit over others — they’re already building on top of solid code, and what they’re building is nowhere nearly as complex and massive as say, Windows.
OS X is basically a very elegant mish-mash of various open-source software, mingled with their own proprietary stuff.
“Elegant” is not the word to describe OS X. Mish-mash is accurate, though.
If the many-eyes theory of open-source evangelism is true, the open-source stuff should be relatively safe already.
The basic problems are two-fold:
1) Very few open source people are looking at Darwin. It’s not a technically interesting system, and the proposition of basically doing free QA for Apple is uninviting.
2) OS X is based on very old open source code. Much of the code dates back to the lites releases of BSD. “Many eyes” haven’t looked at this code in a decade or more, and there were lots of changes while it was hidden away inside NeXT.
It’s more elegant than Windows XP, or any distribution of Linux that I’ve ever used. That’s enough for me.
As for the problems:
1) Darwin is the kernel, but there is a *lot* of *BSD userland. I don’t really remember the specifics, but I know that certain components are borrowed from FreeBSD, and another group of components is borrowed from either Net or OpenBSD. Let Apple deal with the kernel on their own, but a lot of their QA is already being done by the BSD folk.
2) See above. I know not all of it is modern *BSD, but apart from Apple’s proprietary stuff, the userland BSD stuff, and XNU, there really isn’t that much left.
Darwin is NOT the kernel!
Err, sorry. Brainfart.
I meant Darwin/XNU.
Take for instance the ping and traceroute bugs in adv5.pdf which were changed in FreeBSD in 1996 but not in Darwin because Darwin wasn’t using FreeBSD-derived versions. The FreeBSD traceroute is actually still broken in the first attempt after they change it, but they end up importing a new version of traceroute that isn’t broken later in 1996.
The dsidentity tool isn’t from BSD userland at all. It’s a tiny little crappy program written by Apple.
It’s really the amalgam nature of where everything comes from along with a lack of tracking modifications. A lot of little programs are taken from FreeBSD directly, and yet some are old. And it doesn’t matter if they come from FreeBSD if they aren’t synced for four years.
@ the_trapper
You don’t seem to be aware that all the Unix services and semantics in Darwin are based on FreeBSD 5.x, and that indeed a lot of exchanges are made between the work that Apple does on Darwin and the FreeBSD people. Darwin also uses a lot of code from NetBSD and OpenBSD. The only different part relies on the kernel itself, where Apple uses Mach code, but both being implemented at the kernel space.
Every change that Apple does in the FreeBSD code that they use is open to be reused in FreeBSD or any other BSD. For example, a lot of security initiatives from Apple (Secure Trusted Operating System Consortium) are now shared with the BSD community.
So if you knew a little bit more about how Darwin is built, you wouldn’t make such a wrong statement.
About the ZDNet article, I would like to say that it’s normal that a researcher in OS security says that a given OS is not secure; that’s his job to say that. A perfect world with perfectly secure software would make him jobless. So he has to talk in that way, and he has to find new matter to talk about; Windows is not enough any more.
How many times have we heard some so-called security researchers saying that Windows is more secure than Linux? We know that it’s not true. Just look at the number of serious security flaws found in Windows compared to Linux or OS X. That’s a different world.
When the author says such things as
“If this situation was to change, in my opinion, things could be a lot worse on Mac OS X than they currently are on other operating systems, regarding security vulnerabilities…”
It’s near to being a huge marketing lie or manipulation. He cannot simply say that. OS X is far more secure than Windows (if we need to name one of those “other operating systems”). I mean, a big portion of OS X is open source, a wonderful auditing tool that Microsoft does not have because all their code is closed. Opening the source code of Darwin gives Apple a very efficient way to track security holes or problems in this part of the OS, and gives Apple more resources to concentrate on fixing issues in the closed part of the OS.
I find it incredible that a so-called security researcher talks about software auditing tools when at the same time he is talking about an OS that has major parts open sourced. It does not give credibility to what he is talking about.
There is one matter of fact: OS X is better secured than Windows, and there is no way the author’s statement is true.
Sorry, that’s crap… he is just selling security software for companies that need to find another market when Microsoft competes with them with its own security tools.
You don’t seem to be aware that all the Unix services and semantics in Darwin are based on FreeBSD 5.x
Read the Darwin source code then come back to me and say that. Examples:
Compare XNU’s bsd/vm to FreeBSD’s sys/vm. Yes, XNU’s entire VM subsystem (a major and complicated portion of the OS) is different. Compare bsd/vfs to sys/kern/vfs*.c. The VFSs are substantially different. It’s obvious they derive from the same code, but it’s equally obvious that the two diverged long ago. Look at bsd/kern/kern_exec.c and sys/kern/kern_exec.c. Yes, the exec() handling (and indeed the basics of thread handling — see kern_thread.c) are completely different. Compare sys/kern/kern_mutex.c, and, well, you can’t, because the locking model is completely different.
This “Darwin is FreeBSD 5.x” business has to stop. Yes, there is FreeBSD 5.x code in Darwin. It’s at the upper levels of the kernel, things like filesystems. Yes, there is a strong resemblance between the Darwin code and the FreeBSD 5.x code. That’s because they are both derived from the 4.4BSD code. Again, Darwin is not based on FreeBSD 5.x. Both are based on 4.4BSD, and Darwin has imported some code from FreeBSD 5.x over time to modernize certain components.
What did he say? He said “Unix services … are based on FreeBSD”.
What did you talk about? Kernel stuff!
Gee, can’t say as I’ve never used OS X. I never hear about Apple computers becoming “zombie computers”, I’ve had MS-XP crash from virus infections. I use Debian Linux, and in two years have never been bothered with a compromised system. I keep reading about these “vulnerabilities” for Linux, Mac, & BSD, but never have had any problem regardless of the “latest threat.” Yeah, I know MS dominates, so they are most frequently exploited. But the nature of other OS’s as requiring a separation between Administrator & user seems to be very effective. Is it possible Mac OS-X with its “ancient flaw” is still far more secure than the heavily patched well known OS?
Paul Sams
…every OS has major security flaws waiting to be uncovered. I worked in VMS Security and know about and fixed some doozies.
I imagine eventually some engineer will get to the gigantic backlog of bugs, or maybe some out-of-college intern… and pick them off one by one.
“…of a type that were fixed on alternative operating systems more than a decade ago”
that says it all about the approach, doesn’t it?
This “Darwin is FreeBSD 5.x” business has to stop.
Why would you want to stop the truth?
MacOS X Panther included a massive update of the BSD portions, removing most (if not all) of the NetBSD pieces and FreeBSD 4.x pieces, replacing them with FreeBSD 5.x bits.
Straight from the horse’s mouth:
http://images.apple.com/macosx/pdf/MacOSX_UNIX_TB_v2.pdf
There was also a lot of hoopla on the FreeBSD mailing lists at the time of Panther’s release going on about the updates to FreeBSD 5.x bits.
And, finally, a Google search for ‘”macos x” “freebsd 5” “apple”‘ pulls in several more articles, pages, and sites that cover the transition from FreeBSD 4.x to FreeBSD 5.x bits in MacOS X.
So, like you almost said, stop with the “Darwin is not based on FreeBSD 5.x” business.
Edited 2006-01-26 05:03
Did you actually read beyond the first marketing blurb in the PDF you pointed to? It actually tells you what code in Darwin is and is not from FreeBSD!
Stuff from FreeBSD:
1) kqueue/kevent APIs
2) UFS
3) NFS
4) Firewall
Stuff not from FreeBSD:
1) Anything Mach handles (VM, threads, locking).
2) Network stack
3) VFS
4) IOKit
5) Everything that depends on IOKit (power management, device drivers, USB stack, Firewire stack, Bluetooth stack, wireless stack, etc).
6) Access control lists
Geez, I wonder which set of features constitutes the vast bulk of the code? The former is a set of extra features. The latter is the core of the OS.
As I said, don’t trust the marketing literature (Apple touted 4.4BSD-Lite2 for a long time on its marketing literature), read the code yourself. Darwin is not FreeBSD. There is FreeBSD code in Darwin, but the major subsystems are 4.4BSD-Lite2 with NeXT’s and Apple’s customizations.
Besides, consider this logically. Tests have shown that Darwin performs terribly at things that exercise basic UNIX system calls (lmbench). FreeBSD, on the other hand, gets good lmbench numbers. FreeBSD is quite scalable, benchmarks have shown Darwin is not. If Darwin really was based on FreeBSD, don’t you think it would perform like FreeBSD?
I had a read of the marketing PDF, and the website; the way it sounds, they use/adopted FreeBSD 5.x technologies, but that doesn’t exactly constitute the adoption of FreeBSD 5.x code.
@rayiner
Just stop your message “a la” I know everything, you guys are fools… You go away and let people out of your hypocrisy.
I know that Darwin’s threading model is derived from Mach code (actually it’s the Mach model). I know that the virtual memory is Mach derived, I know that the two VFS are implemented differently. But FreeBSD has migrated massively to the Mach model for their VM, the lightweight kernel locking in the BSD portion of Darwin has been implemented in the same model as the FreeBSD 5.x one, PLUS the thing that you seem to forget in your hypocrisy is that some aspects that BSD is responsible for include:
– process model
– user ids, permissions, basic security policies
– POSIX API, BSD style system calls
– TCP/IP stack, BSD sockets, firewall
– VFS and filesystems (see Mac OS X Filesystems for details)
– System V IPC
– crypto framework
– various synchronization mechanisms
So now you can call this a minor thing; I call this massive code sharing. Who should read the Darwin source code, tell me? Maybe it’s rather you.
And moreover it seems that you cannot read properly. I said: Darwin is based on FreeBSD 5.x, not Darwin is FreeBSD 5.x, and the most foolish person will see that those two statements are different.
I tell it to you in another way even more correct: the BSD portion of Darwin is based on FreeBSD 5.x.
I don’t need to receive any lesson from you in terms of the Darwin source code; I know it better than you. And if I take a statement from an Apple doc for Unix users, it is written:
“The Mac OS X kernel at the heart of Darwin is based on FreeBSD 5 and Mach 3.0.”
Which is exactly what I said. Now you can be foolish as much as you want to argue against Apple’s own statement, I don’t care, but don’t come here pretending that you know better than others with your “I am the one who knows, you guys are fools” message. It’s not because you posted a crappy article on OSNews that you are allowed to think that you are the only one who knows about computer programming.
Also a good read for you
http://www.osviews.com/modules.php?op=modload&name=News&file=articl…
For sure you need to read this from a recognized expert of OS X, ask him as well to go to read the source code.
http://www.kernelthread.com/mac/osx/
Edited 2006-01-26 06:11
If you bother to look at the copyright notices, revision numbers from the original BSD sources, and the source code itself you’ll notice that large parts of the BSD subsystem don’t originate from FreeBSD. Some files actually diverged from newer Berkeley revisions than files in FreeBSD. Some diverge from the same original Berkeley versions but have no contemporary resemblance. Some files prominently feature NeXT copyright statements. Other files are obviously taken from FreeBSD. Other files are entirely written by Apple. Some files are from NetBSD through FreeBSD. While netinet6/ is more or less taken from FreeBSD, the contents of net/ and netinet/ come from many different sources. While there’s obviously a similar process model, the implementation is somewhat related but quite different. Though the SysV IPC implementation comes from NetBSD through FreeBSD, the FreeBSD and XNU versions have diverged considerably. Most of vfs/ is from NeXT, and the rest is Apple. ufs/ is from NeXT. miscfs/ is split between NeXT and Apple. isofs/ is from NetBSD.
I could continue, but it’s not really worth the time necessary to type. While XNU contains files that originate from FreeBSD, it also contains lots of code that doesn’t. Some of it is quite old, and some of it is brand-new. The important part is that people cannot equate XNU to FreeBSD, nor imply that because there’s a code relationship that it also means there’s a necessary performance/security/reliability/purple hair relationship.
Technically, netinet6 is not FreeBSD code. It’s from the KAME project, which was designed as a general inet6 layer for various BSDs. Both Apple and FreeBSD adopted its code.
The contents of netinet6/ have been taken from FreeBSD. The FreeBSD code is based upon and synced with the reference implementation by WIDE/KAME. Apple then acquired the code from FreeBSD.
“I had a read of the marketing PDF, and the website; the way it sounds, they use/adopted FreeBSD 5.x technologies, but that doesn’t exactly constitute the adoption of FreeBSD 5.x code”
Yes, agreed, that’s exactly what it does mean when I say based on FreeBSD 5.x… I NEVER said that Darwin IS FreeBSD 5.x or that Apple has adopted all the code of FreeBSD 5.x. I am saying again that the BSD portion of Darwin is BASED ON FreeBSD 5.x, the rest of Darwin is Mach. I have written in my previous message what the BSD code is responsible for. I think it’s clear!!!! I cannot be more clear…
“Based on” implies a certain process: that they started by taking FreeBSD 5.x code and transformed that into their current BSD layer. That’s not the case. The BSD layer of Darwin is “based on” 4.4BSD-Lite2. Look at the list of non-FreeBSD subsystems I mentioned (eg: network stack, VFS, process management). Those things are all in the BSD layer, but are not based on FreeBSD code. So where did they come from? 4.4BSD-Lite2 with a lot of NeXT changes over the last decade. When Apple bought out NeXT, they didn’t throw away all the existing BSD code. Instead, they updated certain components (namely, filesystems, the userspace) with FreeBSD code.
I never said the entire kernel was based on FreeBSD, as it’s been clearly shown in many places to be based on Mach, although most of the “micro-kernel”-ness goes unused.
However, the BSD subsystem is now based on FreeBSD 5.x. Panther saw the major shift from 4.x to 5.x for the userland tools, and Tiger pretty much finished the transition. Jordan Hubbard himself even hinted at the transition prior to the release of Panther (http://www.osnews.com/story.php?news_id=3289).
It’s the userland Unix bits, and some networking bits, and other similar things in the BSD subsystem that are now from FreeBSD 5: http://www.apple.com/lae/macosx/
http://developer.apple.com/cgi-bin/search.pl?q=freebsd+5&num=10&sit…
http://www.apple.com/za/education/hed/macosx/
http://nic.phys.ethz.ch/readme/82
http://archives.neohapsis.com/archives/fulldisclosure/2004-12/0131….
http://www.macheads.net/products/software/panther.cfm
http://arstechnica.com/reviews/os/macosx-10.3.ars/10
http://www.serverwatch.com/sreviews/article.php/3396811
http://www.cs.washington.edu/homes/bershad/Mac/panther.pdf
You’re the one who is trying to refute that the kernel is based on FreeBSD … but no-one is trying to say that it is.
There’s more to an OS than the kernel, and there’s more to FreeBSD than the kernel.
The FreeBSD bits in MacOS X are (now) from FreeBSD 5.x.
You’re dodging. I don’t doubt that the FreeBSD components in OS X are from FreeBSD 5.x. I never said otherwise. What I said is that “Darwin is not based on FreeBSD”, since the FreeBSD components don’t make up any core kernel components.
For sure you need to read this from a recognized expert of OS X, ask him as well to go to read the source code.