Friday, January 16, 2009, 06:30 am PT (09:30 am ET)
Road to Mac OS X Snow Leopard: 64-bit security
Security in 64-bit Snow Leopard
In addition to expanded sandboxing, the move to 64-bit computing will provide a series of other benefits related to security. Apple's 64-bit binaries set all writable memory as non-executable by default, including thread stacks, the heap, and any other writable data segments.
This is already present to an extent in today's Leopard Server, which runs some services, such as the Apache web server, as 64-bit processes. Using the vmmap command reveals that no memory allocated by these 64-bit apps is both writable and executable. On 32-bit Intel systems, while no memory is marked as both writable and executable, the legacy x86 processor design does not enforce the permissions bits, but 64-bit CPUs do. This feature prevents exploits from injecting malicious executable code into memory and tricking the app to run it as it if were its own instructions.
Another security weakness in the x86 architecture solved in the move to 64-bits is the use of registers for function call arguments. This makes exploits using return-into-libc techniques much more difficult. On 32-bit x86, function arguments are passed directly on the stack, so when an attacker has overwritten the stack segment, they can completely control the arguments passed to a function that they cause the compromised program to "return into," according to a security researcher.
The move to 64-bits also greatly enhances the Address Space Layout Randomization (ASLR) techniques used to secure Leopard. Currently, 32-bit binaries are restricted to a relatively small 4GB allocation, making it easier to predict useful addresses for malicious code to target. Additionally, Leopard keeps dyld, Mac OS X's dynamic loader (responsible for loading all of the frameworks, dylibs, and bundles needed by a process) in the same known location, making it relatively trivial to bypass the existing ASLR.
With the much larger address space available to 64-bit binaries, Snow Leopard's ASLR will make it possible to hide the location of loaded code like a needle in a haystack, thwarting the efforts of malicious attackers to maintain predictable targets for controlling the code and data loaded into memory. Without knowing what addresses to target, the "vast majority of these exploits will fail," the security expert explained.
Security before it's needed
Apple's sheltered existence in isolation from regular malware attacks puts it in the enviable position of being able to focus on building security features proactively, rather than in response to ongoing, embarrassing exploits. For Mac users, that means the window of opportunity for malware exploits is being closed off before circumstances change enough for the platform to become a viable target.
The company is being relatively quiet about its security efforts because it doesn't want to be directly compared against Microsoft, which is ahead in some security areas, at least in its latest software releases. However, Microsoft's installed base of the billion PCs running Windows worldwide is not protected by advancements in the latest releases because relatively few users have upgraded to the latest releases.
That give Apple a strong position in maintaining its security halo because the Windows PC world is so rife with low hanging fruit for malicious attackers that the Mac platform remains an undesirable target. That leaves disgruntled pundits with nothing to complain about outside of misleading vulnerability counts. So while PC users contend with the constant din of security issues and performance sapping layers of security software, Mac users are free to just enjoy the silence.
Road to Mac OS X Snow Leopard: 64-bit security is the fifth installment in AppleInsider's ongoing Road to Mac OS Snow Leopard series. Previous installments are listed below in the order they were published.
Road to Mac OS X Snow Leopard: 64-Bits
Road to Mac OS X Snow Leopard: 64-bits, Santa Rosa, and more
Road to Snow Leopard: twice the RAM, half the price, 64-bits
Road to Mac OS X Snow Leopard: the future of 64-bit apps
On Topic: Mac OS X
- Apple to enable pixel-doubled 'Retina' mode for 4K monitors in OS X 10.9.3
- Apple issues first OS X 10.9.3 beta, asks developers to focus on graphics and audio
- Apple issues OS X Server 3.1 Preview beta with added supervised devices support
- Mac owners report OS X 10.9.2 update breaks AirPlay functionality
- Apple releases OS X 10.9.2 with fix for SSL security flaw, plus new FaceTime Audio