Apple’s shiny new cat is out, and it’s not just pretty: it also brings some good security enhancements seen for the first time in Mac OS.

One of the key security features of Leopard is sandboxing. Sandboxing restricts an application to only the actions and resources it needs to do its job. For example, a sandboxed application may be allowed access to only certain files, or may be restricted in whether it can access the network.

By default, however, only a few Leopard applications are sandboxed, such as the helper applications used for enabling Spotlight or Bonjour. Surprisingly, applications like iChat and the Safari browser, which are generally the first target of attackers, are not sandboxed. Apple, however, might have plans to add them in a future Leopard 10.5.x update.

The lack of API documentation that third-party developers would need to sandbox their own applications limits the usefulness of this feature right now. However, this may get resolved in the near future as well.

Overall, it’s a big step in the right direction.