Apple’s Mac OS X 10.6 Snow Leopard security enhanced with 64-bit goodness

“The move to 64-bits in Mac OS X 10.6 Snow Leopard will enhance Apple’s efforts to secure its operating system,” Prince McLean reports for AppleInsider.

“In addition to expanded sandboxing, the move to 64-bit computing will provide a series of other benefits related to security. Apple’s 64-bit binaries set all writable memory as non-executable by default, including thread stacks, the heap, and any other writable data segments,” McLean reports.

“This is already present to an extent in today’s Leopard Server, which runs some services, such as the Apache web server, as 64-bit processes,” McLean reports. “Using the vmmap command reveals that no memory allocated by these 64-bit apps is both writable and executable. On 32-bit Intel systems, while no memory is marked as both writable and executable, the legacy x86 processor design does not enforce the permissions bits, but 64-bit CPUs do. This feature prevents exploits from injecting malicious executable code into memory and tricking the app to run it as if it were its own instructions.”

“The move to 64-bits also greatly enhances the Address Space Layout Randomization (ASLR) techniques used to secure Leopard. Currently, 32-bit binaries are restricted to a relatively small 4GB allocation, making it easier to predict useful addresses for malicious code to target. Additionally, Leopard keeps dyld, Mac OS X’s dynamic loader (responsible for loading all of the frameworks, dylibs, and bundles needed by a process) in the same known location, making it relatively trivial to bypass the existing ASLR,” McLean reports. “With the much larger address space available to 64-bit binaries, Snow Leopard’s ASLR will make it possible to hide the location of loaded code like a needle in a haystack, thwarting the efforts of malicious attackers to maintain predictable targets for controlling the code and data loaded into memory.”

Full article here.
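
The vmmap check described in the excerpt can be scripted as an audit for regions that are both writable and executable. This is an added example, not code from the AppleInsider article or from Apple; the region lines are constructed samples in an assumed vmmap layout (type, address range, size, current/max protection), and the function names are hypothetical.

```python
import re

# Constructed sample in an assumed vmmap region layout:
# TYPE  START-END  [ VSIZE]  CUR/MAX protection  SM=share-mode  detail
SAMPLE_VMMAP = """\
==== regions for a constructed 64-bit process
__TEXT         0000000100000000-0000000100052000 [  328K] r-x/rwx SM=COW  /usr/sbin/httpd
__DATA         0000000100052000-0000000100058000 [   24K] rw-/rwx SM=PRV  /usr/sbin/httpd
MALLOC_TINY    0000000100100000-0000000100200000 [ 1024K] rw-/rwx SM=PRV  DefaultMallocZone
STACK GUARD    00007fff5bc00000-00007fff5f400000 [ 56.0M] ---/rwx SM=NUL  stack guard
Stack          00007fff5f400000-00007fff5fc00000 [ 8192K] rw-/rwx SM=PRV  thread 0
MALLOC_LARGE   0000000100300000-0000000100310000 [   64K] rwx/rwx SM=PRV  constructed W+X region
"""

# The region type may contain spaces, so anchor on the hex address range.
REGION_RE = re.compile(
    r"^(?P<type>.+?)\s+(?P<start>[0-9a-f]{8,16})-(?P<end>[0-9a-f]{8,16})\s+"
    r"\[[^\]]*\]\s+(?P<cur>[r-][w-][x-])/(?P<max>[r-][w-][x-])", re.I)


def parse_regions(text):
    """Return one dict per region line; headers and blank lines are skipped."""
    regions = []
    for line in text.splitlines():
        m = REGION_RE.match(line.strip())
        if not m:
            continue
        start, end = int(m["start"], 16), int(m["end"], 16)
        regions.append({"type": m["type"], "start": start, "size": end - start,
                        "cur": m["cur"].lower(), "max": m["max"].lower()})
    return regions


def writable_and_executable(regions):
    """Regions whose *current* protection grants both write and execute."""
    return [r for r in regions if "w" in r["cur"] and "x" in r["cur"]]


if __name__ == "__main__":
    for r in writable_and_executable(parse_regions(SAMPLE_VMMAP)):
        print(f"W+X: {r['type']} at {r['start']:#x} "
              f"({r['size']} bytes) {r['cur']}/{r['max']}")
```

Only the current protection is checked; the maximum protection column is parsed but not flagged, since it describes what a region could be changed to rather than what it is now.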
