On 3/23/07 2:53 AM, Theo de Raadt wrote:
quoted text
>> Symantec have been trying to demonise OS X for a long while.
> 
> And it is going to work soon.
> 
> Because OS X has no Propolice-like compiler stack protection, nor
> anything like W^X which makes parts of the address space
> non-executable, nor anything like address space randomization which
> makes certain attacks very difficult, especially with the previous two
> techniques.

Who says they don't have that all in their sleeves?

Like OpenBSD OS X has a pretty clean and well maintained setup.

I believe they can copy most of the defences without any problem from 
well tested OpenBSD and they would be pretty stupid if they didn't 
have done so already for testing.

I presume they haven't put on those defenses to avoid problems with 
third party applications while there aren't serious security problems yet.

quoted text
> So when they have a bug, it is exploitable just like bugs are on any
> other powerpc or i386 machine running some other operating system.
> 
> These days even operating systems like Vista have the above 3 security
> technologies.
> 
> But can we get back to OpenBSD discussions?

Although misc carried quite some fluff lately, the implementation of 
more OpenBSD features in OS X is an interesting thought.

+++chefren

p.s. Maybe I was too harsh against Karel?