About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Home » Industry Watch

Leopard Roundup Day 5

A review of how 10.5 is looking through the eyes of those looking at it.

Get It

Try It

Apple's new OS X leapt into 64-bit Country but there are issues and concerns.

Apple: Don't Use Enhancers

Already on 26 October Apple issued article 306857 entitled 'Blue screen appears after installing Leopard and restarting' in which they warn of the dangers of using APE.

After completing an upgrade installation of Leopard and restarting the computer a 'blue screen' may appear for an extended period of time.

Their recommended remedy is to completely reinstall the operating system.

You may have third-party 'enhancement' software installed that does not work with Mac OS X 10.5 Leopard. After installation verify each third-party software product is compatible with Leopard before reinstalling it, especially any application 'enhancement' software.

APE is mentioned first in the 'advanced' cure for a sick Leopard.

  1. Start up in single user mode by holding ⌘-S after restarting the computer.
  2. Execute these commands, each on a single line.
    /sbin/fsck -fy
    /sbin/mount -uw /
  3. Execute this command on a single line.
    Important: Type the command carefully, misuse of rm may damage other files.
    rm -fr /System/Library/SystemConfiguration/ApplicationEnhancer.bundle

The article hastens to advise that even the 'advanced' cure might not work, in which case a complete reinstall is the only remaining alternative. [It's also instructive to note Unsanity are now breaking into the /System hive where no software vendor should ever go.]

As Apple now strongly advise against using such software the hope is Apple users will finally begin to wake up.


Matasano's Thomas Ptacek took a deeper look at some of the new security features of Leopard; the jury's still out on whether you get what you see.

  • Sandboxing. Apple haven't documented it yet and the API cannot formally be used by third party vendors; existing sandbox profiles aren't too spiffy; the important web apps - iChat, Mail, Safari - are not sandboxed.
  • Input managers. They're still around but they're restricted. Only /Library/InputManagers and only input managers owned by root are recognised.
  • Guest accounts. Guests can install cron jobs to run through launchd after logout; they can establish connections to wireless networks which persist after logout; they can mount remote file systems which remain mounted after logout - they can in effect remain resident after their home areas are removed and they can install daemons to listen on network ports to prey on subsequent guests.
  • Address randomisation. dyld is not randomised; offsets don't change between runs of the same program or between runs of different programs; offsets only seem to vary from system install to system install.

Firewall Off by Default?

Heise's Jürgen Schmidt took a look at the Leopard firewall yesterday. He wasn't happy.

The Mac OS X Leopard firewall failed every test. It is not activated by default and even when activated does not behave as expected. Apple show a casual attitude which recalls that of Microsoft four years ago.

Schmidt's article offers workarounds including using the BSD staple ipfw.

See Also
Heise: Leopard with Chinks in its Armour
Rixstep: Don't Let APE Monkey with Your System
Matasano Chargen: A Roundup of Leopard Security Features
Apple: Blue screen appears after installing Leopard and restarting

About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Copyright © Rixstep. All rights reserved.