Lion - are Apple's apps sandboxed?

Discussion in 'Mac OS X Lion (10.7)' started by Tech198, Aug 12, 2011.

  1. Tech198 macrumors G4

    Joined:
    Mar 21, 2011
    Location:
    Australia, Perth
    #1
    I know apps bought from the App Store will be sandboxed, but are the OS apps sandboxed in Lion?
     
  2. tkermit macrumors 68030

    Joined:
    Feb 20, 2004
    #2
    Some are, but not all of them. There's a "Sandbox" column you can activate in Activity Monitor to check this.
     
  3. basher macrumors 6502

    Joined:
    May 27, 2011
    Location:
    Glendale, AZ USA
    #3
    Did the option to run apps in their own memory space get pulled from Lion? I don't see it listed in System Preferences, Security.
     
  4. dukebound85 macrumors P6

    Joined:
    Jul 17, 2005
    Location:
    5045 feet above sea level
    #4
    What does sandboxed mean? As in all the files are in one place or what?
     
  5. munkery, Aug 12, 2011
    Last edited: Aug 12, 2011

    munkery macrumors 68020

    Joined:
    Dec 18, 2006
    #5
    Most if not all of the default apps in Lion that have greater security implications are sandboxed.

    Mandatorily exposed server-side services are sandboxed as before.

    Client-side apps that are sandboxed include Safari (web process), Preview, Quick Look Helper, QuickTime (some components), and TextEdit. Other examples may exist as well.

    These apps are sandboxed because associated file types are manipulated to deliver exploits: Safari (maliciously crafted website), Preview (maliciously crafted PDF), QuickTime (maliciously crafted video/audio), TextEdit (maliciously crafted document), and Quick Look Helper (all of the above).

    Here is an article about the sandbox in OS X.

    http://www.exploit-db.com/download_pdf/16031
     
  6. echo.park macrumors regular

    Joined:
    Aug 4, 2011
  7. munkery, Aug 12, 2011
    Last edited: Aug 12, 2011

    munkery macrumors 68020

    Joined:
    Dec 18, 2006
    #7
    I would like to know this as well?

    I would hope that Apple would do this for iWork as well even though it is not installed by default.

    It should be noted that these types of attacks targeting OS X are uncommon in the wild. This is due to the difficulty in achieving system level access after gaining user level access. It is more efficient to use social engineering rather than exploitation.

    But, it is good that Apple is being proactive in this regard.
     
  8. basher macrumors 6502

    Joined:
    May 27, 2011
    Location:
    Glendale, AZ USA
    #8
    Based on what I'm seeing in Activity Monitor when I run Pages '09, it is not sandboxed.
     
  9. munkery macrumors 68020

    Joined:
    Dec 18, 2006
    #9
    Do you have Activity Monitor set to show which apps are sandboxed?

    In the global menu for Activity Monitor: View -> Columns -> Sandbox.
     
  10. munkery macrumors 68020

    Joined:
    Dec 18, 2006
    #11
    Possibly due to iWork not natively handling other common proprietary formats?

    MS Office docs are converted when opened in iWork, right?

    That does not mean that Apple's formats are not liable as well. But, they have not been targeted yet and other mechanisms beyond sandboxing also mitigate this liability.

    Given that all Mac App Store apps have to be sandboxed by November, iWork will be sandboxed in the future.
     
  11. uaecasher macrumors 65816

    Joined:
    Jan 29, 2009
    Location:
    Stillwater, OK
    #12
    I only have 4 processes that are sandboxed
     


  12. munkery macrumors 68020

    Joined:
    Dec 18, 2006
    #13
    Open Preview and TextEdit; then Quick Look Helper will also launch.

    I am unsure how to show the components that are sandboxed in QuickTime. Only know from reports via security researchers that QT is somehow sandboxed as well.

    Set Activity Monitor to show "All processes, hierarchical."

    This will reveal the server-side processes that are sandboxed.
     
  13. tkermit macrumors 68030

    Joined:
    Feb 20, 2004
    #14
    John Siracusa's latest OS X review contains a good explanation of Sandboxing in Lion.
     
  14. brand macrumors 601

    Joined:
    Oct 3, 2006
    Location:
    127.0.0.1
    #15
    Sandbox
     
  15. munkery macrumors 68020

    Joined:
    Dec 18, 2006
    #16
    VTDecoderXPCService is the process that sandboxes functions related to QuickTime.
     
