On 3/23/07 2:53 AM, Theo de Raadt wrote:
Symantec have been trying to demonise OS X for a long while.

And it is going to work soon.

Because OS X has no Propolice-like compiler stack protection, nor
anything like W^X which makes parts of the address space
non-executable, nor anything like address space randomization which
makes certain attacks very difficult, especially with the previous two
techniques.

Who says they don't have that all in their sleeves?

Like OpenBSD, OS X has a pretty clean and well-maintained setup.

I believe they can copy most of the defences without any problem from well-tested OpenBSD, and they would be pretty stupid if they hadn't done so already for testing.

I presume they haven't put on those defenses to avoid problems with third-party applications while there aren't serious security problems yet.

So when they have a bug, it is exploitable just like bugs are on any
other powerpc or i386 machine running some other operating system.

These days even operating systems like Vista have the above 3 security
technologies.

But can we get back to OpenBSD discussions?

Although misc carried quite some fluff lately, the implementation of more OpenBSD features in OS X is an interesting thought.

+++chefren

p.s. Maybe I was too harsh against Karel?
