Mac OS X - USENIX

# Mac OS X: From the server room to your

Jordan Hubbard, Director, Unix Technology Group, Apple, Inc.
## Who I am

- Long-time Unix zealot
- Long-time Open Source contributor (go FreeBSD!)
- Why I came to Apple (in 2001)
- Unix won the server, so next the desktop
- Freedom to Innovate (more than in
## What I do (@Apple)

- BSD and general open source technology
- Security technology (OS and crypto)
- Other things that would make your head hurt (mine does)
## Let’s start with a quick history
## Mac OS X Releases

| Release | Release Date | Delta |
| --- | --- | --- |
| Public Beta (Kodiak) | 09 / 2000 | 0 |
| 10.0 (Cheetah) | 03 / 2001 | 6 months |
| 10.1 (Puma) | 11 / 2001 | 8 months |
| 10.2 (Jaguar) | 08 / 2002 | 9 months |
| 10.3 (Panther) | 10 / 2003 | 14 months |
| 10.4 (Tiger) | 05 / 2005 | 19 months |
| 10.4 (Tiger/x86) | 01 / 2006 | 8 months |
| 10.5 (Leopard) | 10 / 2007 | 21 months (29 months after Tiger/PPC) |
| 10.6 (Snow Leopard) | Q1 2009 | 14+ months |
## 10.0 in brief

- Represented the first merger of NeXTStep and MacOS technologies as a new, functional whole
- Introduced Aqua and Quartz
- APIs: Cocoa, Carbon and Java
- First “transition environment”: Classic
- Unix bits: NeXTStep + various *BSD bits + some GNU software
## 10.1 in brief

- UI is more polished
- A lot of Unix components are updated, many from FreeBSD
- Added some new ones (like Apache)
- Early scripting languages appear (Tcl, Perl, Python) and devtools get a small polish
## 10.2 in brief

- Quartz Extreme implemented on OpenGL
- Rendezvous (now Bonjour) appears
- Printer sharing, personal firewall and other “Unix features” surface to the user
- More productivity apps are bundled
- FreeBSD is now the principal OSS reference
- Ruby is now bundled (but somewhat broke)
- LWMLAF: 20%
## 10.3 in brief

- Exposé and various fancy “UI tricks” appear
- Fast user switching and FileVault appear
- Much improved Windows interoperability
- First appearance of Xcode
## 10.4 in brief

- Spotlight appears - immediately starts indexing everything in sight
- Dashboard appears (along with a small explosion of widgets)
- VoiceOver and other key “Accessibility” features appear
- launchd eats init, xinetd, cron, mach_init, ...
- Unix environment gets another big overhaul
- LWMLAF: 70% (bye bye Vaio!)
## 10.5 in brief

- Marketing: Over 300 new features!
- Engineering: Yes, actually, there is a very large number of features and improvements in there
- LWMLAF: (so high it’s embarrassing, really)
- The features, let me show you them...
## Security Improvements in Leopard
Topics I’ll be racing through:

- File Quarantine
- Sandbox
- Package and Code Signing
- Application Firewall
- Parental Controls
- Non-Executable (NX) Data
- Address Space Layout Randomization
## File Quarantine: The problem

- Opening a document is expected to launch an application on Mac OS X
- Malware can therefore be disguised as documents
- Casual inspection is no longer safe
## File Quarantine: How it works

- Download content → Quarantine EA added
  - EA also stores context of download for later use
  - Download time, origin, application, etc…
- Activate quarantined content → system inspection, user dialog if needed:
## Quarantine Propagation (in popular archivers)

[Diagram: quarantine propagation through nested archives, with the items latestpics.zip, latestpics.dmg, latestpics.jpg and latestpics]
## File Quarantine: How it works (under the hood)

```
jkh@woot-> ls -l@ FluffyBunny.dmg
-rw-r--r--@ 1 jkh  staff  778014 Mar  7  2008 FluffyBunny.dmg
	com.apple.diskimages.recentcksum	  80
	com.apple.metadata:kMDItemWhereFroms	 344
	com.apple.quarantine	  74
```

This is purely an implementation detail, of course, so don’t go relying on its name or contents!
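As an added illustration (not from the slides): a small C parser for the value stored in the com.apple.quarantine attribute shown above, which is where the download time, originating application and related context live. The four-field layout it assumes (flags; hex epoch seconds; agent name; agent UUID, separated by semicolons) is the undocumented format commonly seen on Leopard-era systems, not something the slide states, and, as the slide itself warns, it can change without notice. The sample value is constructed. On a real system the raw value would come from `xattr -p com.apple.quarantine <file>`; here it is embedded so the example runs offline.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Parsed view of a com.apple.quarantine value.  The four-field layout
 * "flags;hex-epoch-seconds;agent-name;agent-uuid" is the one commonly
 * observed on Leopard-era systems; it is undocumented and may change at
 * any time, so treat the layout as an assumption of this example. */
struct quarantine_info {
    unsigned long flags;       /* quarantine flag bits, as stored (hex) */
    time_t        downloaded;  /* download time, seconds since the Unix epoch */
    char          agent[64];   /* application that created the file, e.g. "Safari" */
    char          uuid[40];    /* agent UUID, or "" when the field is absent */
};

/* Split VALUE on ';' into at most 4 fields without collapsing empty ones
 * (strtok would silently drop an empty agent field and shift the UUID).
 * Returns the number of fields found, or -1 if a field is too long. */
static int split_fields(const char *value, char fields[4][128])
{
    int n = 0;
    const char *p = value;

    while (n < 4) {
        const char *sep = strchr(p, ';');
        size_t len = sep ? (size_t)(sep - p) : strlen(p);
        if (len >= 128)
            return -1;
        memcpy(fields[n], p, len);
        fields[n][len] = '\0';
        n++;
        if (sep == NULL)
            break;
        p = sep + 1;
    }
    return n;
}

/* Parse one attribute value into OUT.  Returns 0 on success, -1 when the
 * value lacks the two leading numeric fields or they are not hex numbers. */
int parse_quarantine(const char *value, struct quarantine_info *out)
{
    char fields[4][128] = {{0}};
    char *end;
    int n;

    if (value == NULL || out == NULL)
        return -1;
    memset(out, 0, sizeof *out);

    n = split_fields(value, fields);
    if (n < 2)
        return -1;

    out->flags = strtoul(fields[0], &end, 16);
    if (fields[0][0] == '\0' || *end != '\0')
        return -1;
    out->downloaded = (time_t)strtoul(fields[1], &end, 16);
    if (fields[1][0] == '\0' || *end != '\0')
        return -1;
    if (n > 2)
        snprintf(out->agent, sizeof out->agent, "%s", fields[2]);
    if (n > 3)
        snprintf(out->uuid, sizeof out->uuid, "%s", fields[3]);
    return 0;
}

/* Render the download time as UTC "YYYY-MM-DD HH:MM:SSZ" for a report. */
const char *format_download_time(const struct quarantine_info *info,
                                 char *buf, size_t bufsz)
{
    struct tm *tm = gmtime(&info->downloaded);
    if (tm == NULL || strftime(buf, bufsz, "%Y-%m-%d %H:%M:%SZ", tm) == 0)
        return "(invalid)";
    return buf;
}

int main(void)
{
    /* Constructed sample value; not taken from a real system. */
    const char *sample = "0081;4bd1f3a0;Safari;3A6F0A2B-4C1D-4E7F-8A9B-0C1D2E3F4A5B";
    struct quarantine_info q;
    char when[32];

    if (parse_quarantine(sample, &q) != 0) {
        fprintf(stderr, "unrecognised quarantine value\n");
        return 1;
    }
    printf("flags=0x%lx downloaded=%s agent=%s uuid=%s\n",
           q.flags, format_download_time(&q, when, sizeof when), q.agent, q.uuid);
    return 0;
}
```

For triage this answers the two questions the EA was designed to carry (which application wrote the file, and when), and the splitter deliberately keeps empty fields so a missing agent name cannot be mistaken for the UUID.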
## File Quarantine

- APIs and various LaunchServices mechanisms provided for creating / propagating Quarantine information
- See Open Source tools for reference (tar, zip, et al).
- Automatic Quarantine Mode
  - Quarantines all files created by an application
  - Info.plist keys
    - LSFileQuarantineEnabled
    - LSFileQuarantineExcludedPathPatterns
## Sandbox

- Hardens applications and services by restricting system operations, even for applications with system privileges
- Reduces impact of vulnerabilities
- Many system services now run in a Sandbox
  - BIND, portmap, Xgrid, Spotlight importers, QuickLooks, … (see /usr/share/sandbox)
## Sandbox: Profile language

Hey, that looks familiar! (OK, it’s Scheme)

```scheme
;; NOTE: The profile language is a private interface and
;; subject to change without notice
(version 1)
(deny default)
(allow sysctl-read)
(allow network*)
(allow file-write* file-read-data file-read-metadata
  (regex #"^(/private)?/var/run/syslog$"
         #"^(/private)?/var/run/syslog\.pid$"
         #"^(/private)?/var/run/asl_input$"
         #"^(/private)?/dev/console$"
         #"^(/private)?/var/log/.*\.log$"
         #"^(/private)?/var/log/asl\.db$"))
(allow file-read-data file-read-metadata
  (regex #"^(/private)?/dev/klog$"
         #"^(/private)?/etc/asl\.conf$"
         #"^(/private)?/etc/syslog\.conf$"
         #"^/usr/lib/asl/.*\.so$"))
```
## Sandbox: Profile language

Let’s try a simpler example. We’ll call this “testsandbox.sb”:

```scheme
(version 1)
(debug deny)
(import "bsd.sb")
(deny default)
(allow process*)
(allow file-read*)
(allow sysctl-read)
```

```
jkh@woot-> sandbox-exec -f testsandbox.sb bash
I have no name!@woot-> ping localhost
bash: /sbin/ping: Operation not permitted
I have no name!@woot-> head .bashrc
#!/usr/local/bin/bash
#
# This is .bashrc, a file composed solely of shell functions.
...
I have no name!@woot-> cat > /tmp/youcanttouchthis
bash: /tmp/youcanttouchthis: Operation not permitted
```

... To fix the “I have no name!” problem:

```scheme
(version 1)
(debug deny)
(import "bsd.sb")
(deny default)
(allow process*)
(allow file-read*)
(allow sysctl-read)
(allow mach-lookup (global-name "com.apple.system.DirectoryService.libinfo_v1"))
```
## Sandbox API

- sandbox_init(…, SANDBOX_NAMED, …)
- Predefined Sandboxes, see sandbox.h
  - Pure computation
  - Read-only
  - Read-only + write temporary folders
  - Prohibit networking
## Sandbox: How it works under the hood

- Built on top of the Mandatory Access Control (MAC) subsystem from SEDarwin (based on TrustedBSD)
- Uses a special “compiler” process to turn the high-level form into highly efficient bytecode (sandbox-compilerd(8))
- An evolving work in progress
- (JFYI, MAC was also used to protect
## Code Signing

- Hard cryptographic signature for stand-alone executables and application bundles
- Application identity maintained across versions, resulting in far fewer Keychain-related dialogs
- Used by Keychain, Application Firewall, Parental Controls, Authorization, …
- Can also be used to implement more advanced, secure IPC (“knock knock!”
## Code Signing: Even the Unixy ones

```
jkh@woot-> codesign -v -d /bin/cat
Executable=/bin/cat
Identifier=com.apple.cat
Format=Mach-O universal (i386 ppc7400)
CodeDirectory v=20001 size=178 flags=0x0(none) hashes=4+2 location=embedded
Signature size=4064
Info.plist=not bound
Sealed Resources=none
Internal requirements count=0 size=12
jkh@woot-> codesign -h 296
/bin/bash
/mach_kernel
```
## Package Signing

- Packages are now cryptographically verified
- Sign packages using PackageMaker
## Application Firewall

- New inbound filtering engine
- Traffic is allowed based on application, not just port/protocol
- Much easier configuration for most users (no need to use System Preferences)
- IPFW is still present for advanced users, of course
- Applications are tracked by signature
## Parental Controls

Allows an admin to:

- Limit access to apps
- Restrict web activity
- Restrict mail / iChat
- Log suspicious activity

Applications are, again, tracked by signature
## Non Executable (NX) Data

[Diagram: process memory layout showing Thread 1 Stack, Heap, Thread 0 Stack, Library text and Library data; the legend distinguishes read-only, executable regions from read-write, non-executable ones]

- Tiger/x86 had only NX stack
- Leopard: 64-bit apps have NX stack, heap, … → W^X
  - Intel 64-bit (Intel Core 2 Duo or later)
  - PPC 64-bit (G5)
  - 32-bit apps as in Tiger for compatibility
- Applications that need to execute code in data segments use mprotect
- Helps mitigate many buffer overflows, format string bugs, …
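An added example, not from the slides, of what “use mprotect” means in practice for code that must run from a data region under W^X: the page starts out read-write, receives the bytes, and is then switched to read-execute, so it never holds both permissions at once. The `wx_policy_ok` / `wx_mprotect` helpers and the `kReturn42` stubs are constructed for this example (x86-64 and AArch64 only; other architectures return -1), and MAP_ANON is the Mac OS X spelling of MAP_ANONYMOUS.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON   /* Mac OS X spells it MAP_ANON */
#endif

/* Constructed machine code for a function returning 42, for the two
 * architectures this example assumes it may run on. */
#if defined(__x86_64__)
static const unsigned char kReturn42[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3 };            /* mov eax,42 ; ret */
#elif defined(__aarch64__)
static const unsigned char kReturn42[] = { 0x40, 0x05, 0x80, 0x52, 0xC0, 0x03, 0x5F, 0xD6 }; /* mov w0,#42 ; ret */
#else
#define NO_CODE_STUB 1
#endif

/* W^X policy: a region may be writable or executable, never both at once. */
int wx_policy_ok(int prot)
{
    return (prot & (PROT_WRITE | PROT_EXEC)) != (PROT_WRITE | PROT_EXEC);
}

/* mprotect() guarded by the policy: refuses to create a W+X mapping. */
int wx_mprotect(void *addr, size_t len, int prot)
{
    if (!wx_policy_ok(prot))
        return -1;
    return mprotect(addr, len, prot);
}

/* Stage generated code the W^X way: map read-write, copy the bytes in,
 * flip the page to read-execute, then call it.  Returns the stub's result
 * (42), or -1 on failure or on an architecture without a stub. */
int run_staged_code(void)
{
#ifdef NO_CODE_STUB
    return -1;
#else
    long pagesz = sysconf(_SC_PAGESIZE);
    if (pagesz <= 0)
        return -1;
    size_t len = (size_t)pagesz;

    void *mem = mmap(NULL, len, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED)
        return -1;
    memcpy(mem, kReturn42, sizeof kReturn42);

    /* Write access is dropped in the same call that grants execute, so
     * there is no window in which the page is both writable and executable. */
    if (wx_mprotect(mem, len, PROT_READ | PROT_EXEC) != 0) {
        munmap(mem, len);
        return -1;
    }
    __builtin___clear_cache((char *)mem, (char *)mem + sizeof kReturn42);

    int (*fn)(void);
    memcpy(&fn, &mem, sizeof fn);   /* object pointer -> function pointer without a cast warning */
    int result = fn();

    munmap(mem, len);
    return result;
#endif
}

int main(void)
{
    printf("W+X request allowed by policy? %s\n",
           wx_policy_ok(PROT_READ | PROT_WRITE | PROT_EXEC) ? "yes" : "no");
    printf("staged code returned %d\n", run_staged_code());
    return 0;
}
```

The same sequence is what a 64-bit Leopard application with a JIT or trampolines has to do once its heap is non-executable; the policy wrapper exists so that a stray request for a writable-and-executable page is caught at the call site rather than quietly granted.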
![Page 60: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/60.jpg)
Address Space Layout Randomization
![Page 61: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/61.jpg)
Address Space Layout Randomization•Even with NX data, it may be possible for an exploit to jump to a library or framework function■ e.g., system(3)—Pass a commandto the shell
■ This is commonly known as“return-to-libc”
![Page 62: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/62.jpg)
Address Space Layout Randomization•Even with NX data, it may be possible for an exploit to jump to a library or framework function■ e.g., system(3)—Pass a commandto the shell
■ This is commonly known as“return-to-libc”
AppKit
WebKit
CoreServices
libSystem
QuartzCore
![Page 63: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/63.jpg)
Address Space Layout Randomization•Even with NX data, it may be possible for an exploit to jump to a library or framework function■ e.g., system(3)—Pass a commandto the shell
■ This is commonly known as“return-to-libc”
AppKit
WebKit
CoreServices
libSystem
QuartzCore
![Page 64: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/64.jpg)
Address Space Layout Randomization•Even with NX data, it may be possible for an exploit to jump to a library or framework function■ e.g., system(3)—Pass a commandto the shell
■ This is commonly known as“return-to-libc”
AppKit
WebKit
CoreServices
libSystem
QuartzCore
0x90046ff0 <system>: push %rbp
![Page 65: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/65.jpg)
Address Space Layout Randomization•Even with NX data, it may be possible for an exploit to jump to a library or framework function■ e.g., system(3)—Pass a commandto the shell
■ This is commonly known as“return-to-libc”
AppKit
WebKit
CoreServices
libSystem
QuartzCore
0x90046ff0 <system>: push %rbp
predictable
![Page 66: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/66.jpg)
Address Space Layout •Even with NX data, it may be possible for an exploit to jump to a library or framework function■ e.g., system(3)—Pass a command
•Common libraries are loaded in random order
•Opt-in: Application executables and libraries loaded at random page■ When linked with -pie (i.e., cc -Wl,-pie)
![Page 67: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/67.jpg)
Address Space Layout
AppKit
WebKit
CoreServices
QuartzCore
•Even with NX data, it may be possible for an exploit to jump to a library or framework function■ e.g., system(3)—Pass a command
•Common libraries are loaded in random order
•Opt-in: Application executables and libraries loaded at random page■ When linked with -pie (i.e., cc -Wl,-pie)
libSystem
![Page 68: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/68.jpg)
Address Space Layout
AppKit
WebKit
CoreServices
QuartzCore
•Even with NX data, it may be possible for an exploit to jump to a library or framework function■ e.g., system(3)—Pass a command
•Common libraries are loaded in random order
•Opt-in: Application executables and libraries loaded at random page■ When linked with -pie (i.e., cc -Wl,-pie)
libSystem
![Page 69: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/69.jpg)
Address Space Layout
AppKit
WebKit
CoreServices
QuartzCore
•Even with NX data, it may be possible for an exploit to jump to a library or framework function■ e.g., system(3)—Pass a command
•Common libraries are loaded in random order
•Opt-in: Application executables and libraries loaded at random page■ When linked with -pie (i.e., cc -Wl,-pie)
libSystem
0x90046ff0 <sStringTable+6265>: sbb (%rdx),%dh
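The opt-in on this slide leaves a trace in the binary itself: ld sets the MH_PIE flag in the Mach-O header when a main executable is linked with -pie, and the stack/heap execution flags live next to it. The following is an added example, not code from the talk or from Apple; it parses that header from a byte buffer and reports the flags, using constant values from <mach-o/loader.h>. The sample headers are constructed inline (no load commands, Intel byte order) so the check runs offline on any host; a real file would be read into the buffer instead, and a fat binary (magic 0xcafebabe) would first have to be sliced per architecture.

```c
/* Added example, not from the slides: report the hardening flags in a Mach-O
 * header.  Constants from <mach-o/loader.h>; sample input constructed below. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MH_MAGIC      0xfeedfaceU  /* 32-bit header, file in host byte order */
#define MH_MAGIC_64   0xfeedfacfU  /* 64-bit header */
#define MH_CIGAM      0xcefaedfeU  /* byte-swapped variants of the two above */
#define MH_CIGAM_64   0xcffaedfeU

#define MH_EXECUTE    0x2
#define MH_DYLIB      0x6

#define MH_NOUNDEFS                0x1
#define MH_DYLDLINK                0x4
#define MH_TWOLEVEL                0x80
#define MH_ALLOW_STACK_EXECUTION   0x20000    /* stack pages may be executable */
#define MH_PIE                     0x200000   /* set by ld -pie: executable may be slid by ASLR */
#define MH_NO_HEAP_EXECUTION       0x1000000

struct mh_info {
    int is64;           /* 1 for a mach_header_64 */
    int swapped;        /* 1 if the file's byte order differs from the host's */
    uint32_t filetype;
    uint32_t flags;
};

static uint32_t bswap32(uint32_t v)
{
    return (v >> 24) | ((v >> 8) & 0xff00u) | ((v << 8) & 0xff0000u) | (v << 24);
}

static uint32_t rd32(const uint8_t *p, int swapped)
{
    uint32_t v;
    memcpy(&v, p, sizeof v);
    return swapped ? bswap32(v) : v;
}

/* Parse the fixed part of a Mach-O header.  Returns 0 on success, -1 if the
 * buffer is too short or does not start with a Mach-O magic number. */
int parse_mach_header(const uint8_t *buf, size_t len, struct mh_info *out)
{
    uint32_t magic;
    if (buf == NULL || out == NULL || len < 28) return -1;
    memcpy(&magic, buf, sizeof magic);
    switch (magic) {
    case MH_MAGIC:    out->is64 = 0; out->swapped = 0; break;
    case MH_MAGIC_64: out->is64 = 1; out->swapped = 0; break;
    case MH_CIGAM:    out->is64 = 0; out->swapped = 1; break;
    case MH_CIGAM_64: out->is64 = 1; out->swapped = 1; break;
    default:          return -1;
    }
    if (out->is64 && len < 32) return -1;   /* 64-bit header carries a trailing reserved word */
    /* field order: magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags */
    out->filetype = rd32(buf + 12, out->swapped);
    out->flags    = rd32(buf + 24, out->swapped);
    return 0;
}

int is_pie_executable(const struct mh_info *m)
{
    return m->filetype == MH_EXECUTE && (m->flags & MH_PIE) != 0;
}

int allows_stack_execution(const struct mh_info *m)
{
    return (m->flags & MH_ALLOW_STACK_EXECUTION) != 0;
}

/* Constructed sample input: a minimal Intel (little-endian) header with no load
 * commands, written byte by byte so the bytes are the same on any host. */
static void put32le(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

size_t make_sample_header(uint8_t *buf, int is64, uint32_t filetype, uint32_t flags)
{
    put32le(buf + 0,  is64 ? MH_MAGIC_64 : MH_MAGIC);
    put32le(buf + 4,  is64 ? 0x01000007u : 0x7u);   /* CPU_TYPE_X86_64 / CPU_TYPE_I386 */
    put32le(buf + 8,  3);                             /* CPU_SUBTYPE_*_ALL */
    put32le(buf + 12, filetype);
    put32le(buf + 16, 0);                             /* ncmds */
    put32le(buf + 20, 0);                             /* sizeofcmds */
    put32le(buf + 24, flags);
    if (!is64) return 28;
    put32le(buf + 28, 0);                             /* reserved */
    return 32;
}

/* Build a sample and answer is_pie_executable() / allows_stack_execution(); -1 if it does not parse. */
int sample_is_pie(int is64, uint32_t filetype, uint32_t flags)
{
    uint8_t buf[32]; struct mh_info m;
    size_t n = make_sample_header(buf, is64, filetype, flags);
    return parse_mach_header(buf, n, &m) == 0 ? is_pie_executable(&m) : -1;
}

int sample_allows_stack_exec(int is64, uint32_t flags)
{
    uint8_t buf[32]; struct mh_info m;
    size_t n = make_sample_header(buf, is64, MH_EXECUTE, flags);
    return parse_mach_header(buf, n, &m) == 0 ? allows_stack_execution(&m) : -1;
}

/* An ELF magic and a truncated header must both be rejected; the full header parses. */
int rejects_bad_input(void)
{
    const uint8_t elf[28] = { 0x7f, 'E', 'L', 'F' };
    uint8_t buf[32]; struct mh_info m;
    size_t n = make_sample_header(buf, 1, MH_EXECUTE, MH_PIE);
    return parse_mach_header(elf, sizeof elf, &m) == -1
        && parse_mach_header(buf, 20, &m) == -1
        && parse_mach_header(buf, n, &m) == 0;
}

int main(void)
{
    uint8_t buf[32]; struct mh_info m;
    size_t n = make_sample_header(buf, 1, MH_EXECUTE, MH_NOUNDEFS | MH_DYLDLINK | MH_TWOLEVEL | MH_PIE);
    if (parse_mach_header(buf, n, &m) == 0)
        printf("%s-bit executable: PIE=%d stack-exec=%d\n", m.is64 ? "64" : "32",
               is_pie_executable(&m), allows_stack_execution(&m));
    return 0;
}
```

On the Mac itself the same bit is visible with otool -hv <binary>, which lists PIE among the header flags; a dylib carrying MH_PIE is not treated as a PIE executable here, since the flag only has that meaning for filetype MH_EXECUTE.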
![Page 73: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/73.jpg)
Developer Tools Options
•Stack overflow checking
■ Canaries as in StackGuard, ProPolice, Microsoft Visual Studio /GS

    void
    bad(const char *filename)
    {
        char path[PATH_MAX];
        ...
        sprintf(path, "%s/%s", getenv("HOME"), filename);   /* unbounded: HOME and filename decide the length */
        ...
    }

Stack frame of bad(), higher addresses at the top:

    without canary              with canary
    const char *filename        const char *filename
    Return address              Return address
    char path[PATH_MAX]         Canary
                                char path[PATH_MAX]

■ An overlong write into path runs upward toward the return address; with the canary in between, the overwrite clobbers the canary first and the function epilogue aborts the process instead of returning through the corrupted address
■ Caveat: the canary only catches contiguous overruns that cross it; locals and pointers laid out below it, or a write that skips over it, are not covered
Developer Tools Options
•Object size checking
■ Some unsafe API usage → checked-at-runtime behavior
■ memcpy, mempcpy, memmove, memset, strcpy, stpcpy, strncpy, strcat, strncat, sprintf, vsprintf, ...

    void
    before(const char *filename)
    {
        char path[PATH_MAX];
        ...
        sprintf(path, "%s/%s", getenv("HOME"), filename);
        ...
    }

    void
    after(const char *filename)
    {
        char path[PATH_MAX];
        ...
        /* what the header macro turns the sprintf() call into: the destination
           size, computed by the compiler, travels with the call so the runtime
           can abort on overflow; "2>1" is the fortify-level test (level 2), which
           selects object-size type 1, the size of the enclosing sub-object */
        __builtin___sprintf_chk(path, 0, __builtin_object_size(path, 2>1), "%s/%s",
                                getenv("HOME"), filename);
        ...
    }

■ Caveat: the check only fires where the compiler can determine the destination's size; through an opaque pointer __builtin_object_size yields (size_t)-1 and the call stays unchecked
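The two slides above (canaries, object-size checking) show the same unbounded sprintf() into a PATH_MAX buffer. What a practitioner wants next to it is the bounded form the compiler checks can only approximate, and a look at what __builtin_object_size() actually tells the compiler. The following is an added example, not code from the talk or from Apple's headers: build_home_path() takes the home directory as an explicit parameter instead of calling getenv("HOME") so the result is deterministic, and refuses rather than truncates when the path would not fit; the two size probes show the known and the unknown case.

```c
/* Added example, not from the slides: bounded path building beside the
 * compiler's object-size knowledge that fortified calls depend on. */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* Bounded replacement for sprintf(path, "%s/%s", home, filename).
 * Returns 0 on success, -1 on a NULL input or when the result would not fit;
 * in the failure case out is an empty string, never a silently truncated path. */
int build_home_path(char *out, size_t outsz, const char *home, const char *filename)
{
    if (out == NULL || outsz == 0) return -1;
    out[0] = '\0';
    if (home == NULL || filename == NULL) return -1;
    int n = snprintf(out, outsz, "%s/%s", home, filename);
    if (n < 0 || (size_t)n >= outsz) {       /* snprintf reports the length it needed */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

/* The canary slide's frame: a known-size local array.  Here the compiler can
 * evaluate the size, which is what lets __builtin___sprintf_chk() get a real bound. */
size_t known_object_size(void)
{
    char path[PATH_MAX];
    path[0] = '\0';
    return __builtin_object_size(path, 0);   /* == PATH_MAX */
}

/* Through an opaque pointer the size is unknown: type 0 yields (size_t)-1,
 * i.e. "no check possible".  noinline keeps the optimizer from rediscovering it. */
__attribute__((noinline)) size_t unknown_object_size(char *p)
{
    return __builtin_object_size(p, 0);      /* == (size_t)-1 */
}

/* Constructed inputs exercising build_home_path(): a path that fits, one that does not. */
int sample_short_path_ok(void)
{
    char out[64];
    return build_home_path(out, sizeof out, "/Users/alice", "notes.txt") == 0
        && strcmp(out, "/Users/alice/notes.txt") == 0;
}

int sample_long_path_rejected(void)
{
    char out[16];   /* "/Users/alice/notes.txt" needs 23 bytes with the terminator */
    return build_home_path(out, sizeof out, "/Users/alice", "notes.txt") == -1
        && out[0] == '\0';
}

int main(void)
{
    char path[PATH_MAX];
    char tiny[16];
    printf("short: %d -> %s\n", build_home_path(path, sizeof path, "/Users/alice", "notes.txt"), path);
    printf("object size known: %zu, unknown: %zu\n", known_object_size(), unknown_object_size(tiny));
    return 0;
}
```

The bounded version is what the Leopard check emulates at run time; the difference is that snprintf() with a checked return lets the program report the failure, whereas the fortified call can only abort once the overflow is already in progress.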
![Page 81: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/81.jpg)
Back to My Mac
•Uses wide-area Bonjour / DDNS (through .Mac) for name registration
•Supports NAT-PMP and UPnP to get through NATs
•Uses Kerberos and private certs for authentication
•Makes screen/filesharing really easy without compromising security
![Page 82: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/82.jpg)
Unix geek improvements in
Leopard
![Page 83: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/83.jpg)
DTrace
•A dynamic, programmable tracing environment created by Sun in 2003
•Can trace the execution of everything from kernel routines, library functions and even scripts in various interpreted languages
•Mac OS X offers a hugely comprehensive set of probe points all the way up the
![Page 84: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/84.jpg)
DTrace
•DTrace scripts are written in Sun’s D programming language, effectively a “safe subset” of C, and compiled to bytecode
•A number of generally useful “canned” scripts can be found in /usr/bin/*.d for reading/running
•Used internally by Instruments.app in DevTools
![Page 85: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/85.jpg)
DTrace
•Scripts need not be complex to do useful things:

    #!/usr/sbin/dtrace -s
    syscall:::entry { @num[execname] = count(); }

    ...
    dtrace                 33
    VZAccess Manager       50
    softwareupdate         51
    configd               157
    WindowServer          234

Shows me the most “system bound” tasks currently running
![Page 86: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/86.jpg)
DTrace in Instruments
Even easier!
![Page 87: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/87.jpg)
Launchd
•Since its introduction in Tiger, it has transformed how all things are launched on Mac OS X
•Things are launched by dependency, not by static declarations
•Execution environments are cleanly constrained
•Ease of use has encouraged the
![Page 88: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/88.jpg)
Launchd
•All configuration controlled by per-user / per-system XML plist files (though launchd itself does not grok XML)
•launchctl behaves differently depending on “which launchd you’re asking”
■ sudo launchctl list (system)
■ launchctl list (current session)
■ launchctl -S / -D flags control this also
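The slides describe the plist files and the constrained execution environment without showing one. The following is an added illustration, not a file from the talk or from Apple: a system-level job definition of the kind that goes in /Library/LaunchDaemons. The label, program path, user and port are hypothetical; the keys are the documented ones from launchd.plist(5). The point for the security reader is the split of responsibility: launchd owns the listening socket and hands the descriptor to the job at check-in, so the daemon itself never needs to run as root to bind it and can be started as a dedicated unprivileged account.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <!-- hypothetical job name and program; the keys are standard launchd keys -->
    <key>Label</key>
    <string>com.example.reportd</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/libexec/reportd</string>
        <string>--from-launchd</string>
    </array>
    <!-- run as a dedicated unprivileged account rather than root -->
    <key>UserName</key>
    <string>_reportd</string>
    <key>GroupName</key>
    <string>_reportd</string>
    <!-- launchd binds the port and passes the descriptor in at check-in -->
    <key>Sockets</key>
    <dict>
        <key>Listener</key>
        <dict>
            <key>SockServiceName</key>
            <string>8080</string>
        </dict>
    </dict>
    <key>StandardErrorPath</key>
    <string>/var/log/reportd.log</string>
</dict>
</plist>
```

Loaded with sudo launchctl load -w /Library/LaunchDaemons/com.example.reportd.plist; the job then appears in sudo launchctl list (the system launchd) and not in the per-session list, which is the distinction the slide draws.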
![Page 89: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/89.jpg)
ASL
•Apple’s replacement for syslog (and a secret evidently too-well-kept)
•Supports arbitrary number of log message properties in a clean, consistently encoded format
•Powerful boolean operator search API
•Per-process and per-system message filter values
![Page 90: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/90.jpg)
UNIX03
•A fairly massive multi-year project involving many Unix commands, libraries and documentation
•Leopard now joins the ranks of IBM (AIX) and Sun (Solaris) in being a fully certified UNIX®
•API compatibility maintained through symbol versioning tricks and
![Page 91: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/91.jpg)
X11 in Leopard
•The XFree86 vs X.org saga
•Consequences of going with X.org in Leopard
•XQuartz project on Mac OS Forge
•Current status of fullscreen, GLX, 3D,
![Page 92: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/92.jpg)
ZFS
•Sun’s highly fault-tolerant, dynamic storage-pool-based, snapshotting “zettabyte” filesystem
•Shipped read-only implementation in Leopard, for future compatibility only
•Full read/write version available from http://zfs.macosforge.org (along with other useful info)
![Page 93: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/93.jpg)
Scripting Languages
•BridgeSupport: Describing ObjC and C APIs through Metadata (../Resources/BridgeSupport/)
•RubyCocoa and PyObjC are bundled, including Xcode application templates
•Compatibility will be maintained while evolving strategy here
![Page 94: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/94.jpg)
Directory Services
•Netinfo is dead. Long live Netinfo.
•Lookupd is also dead, as are several intermediate layers of mechanism from the old system
•DirectoryService now provides all lookup, caching and local host/user/group database services (as XML plist files in /var/db/dslocal)
![Page 95: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/95.jpg)
Apple’s evolving Open Source strategy
![Page 96: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/96.jpg)
Apple’s evolving Open Source strategy
•2000: In the beginning, there was Darwin and the stand-alone Darwin releases
![Page 97: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/97.jpg)
Apple’s evolving Open Source strategy
•2000: In the beginning, there was Darwin and the stand-alone Darwin releases
•2002: The rise of OpenDarwin
![Page 98: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/98.jpg)
Apple’s evolving Open Source strategy
•2000: In the beginning, there was Darwin and the stand-alone Darwin releases
•2002: The rise of OpenDarwin
•2006: The fall of OpenDarwin
![Page 99: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/99.jpg)
Apple’s evolving Open Source strategy
•2000: In the beginning, there was Darwin and the stand-alone Darwin releases
•2002: The rise of OpenDarwin
•2006: The fall of OpenDarwin
•2006: ZFS and DTrace - working with Sun
![Page 100: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/100.jpg)
Some projects on MacOSForge
•CalendarServer: A CalDAV-compliant server
•WebKit: Apple’s most successful OSS project
•MacPorts: Apple’s 2nd most successful one
•MacRuby: A version of Ruby for MacOSX
![Page 101: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/101.jpg)
MacRuby
•A port of Ruby 1.9 to the Objective C runtime
•Uses Objective C generational garbage collector (“autozone”, just released as OSS)
•Uses Core Foundation types (NSString, NSArray, NSDictionary, ...) natively
![Page 102: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/102.jpg)
A very simple application
Cocoa Hello World
![Page 103: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/103.jpg)
Objective C version

    #import <Cocoa/Cocoa.h>

    @interface ButtonController : NSObject
    @end

    @implementation ButtonController
    - (void)sayHello:(id)sender
    {
        NSLog(@"Hello World!");
    }
    @end

    int main(void)
    {
        NSApplication *app = [NSApplication sharedApplication];

        NSWindow *window = [[NSWindow alloc]
            initWithContentRect:NSMakeRect(0, 0, 200, 60)
                      styleMask:NSTitledWindowMask | NSClosableWindowMask |
                                NSMiniaturizableWindowMask | NSResizableWindowMask
                        backing:NSBackingStoreBuffered
                          defer:NO];
        [window setTitle:@"Hello World"];

        NSButton *button = [[NSButton alloc] initWithFrame:NSZeroRect];
        [[window contentView] addSubview:button];
        [button setBezelStyle:NSRoundedBezelStyle];
        [button setTitle:@"Hello!"];
        [button sizeToFit];

        NSSize contentSize = [[window contentView] frame].size;
        NSSize buttonSize = [button frame].size;
        NSPoint point = NSMakePoint((contentSize.width / 2.0) - (buttonSize.width / 2.0),
                                    (contentSize.height / 2.0) - (buttonSize.height / 2.0));
        [button setFrameOrigin:point];

        ButtonController *buttonController = [ButtonController new];
        [button setTarget:buttonController];
        [button setAction:@selector(sayHello:)];

        [window display];
        [window orderFrontRegardless];

        [app run];
        return 0;
    }
![Page 104: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/104.jpg)
“Straight port” MacRuby

    framework 'Cocoa'

    app = NSApplication.sharedApplication

    win = NSWindow.alloc.initWithContentRect([0, 0, 200, 60],
              styleMask:NSTitledWindowMask | NSClosableWindowMask |
                        NSMiniaturizableWindowMask | NSResizableWindowMask,
              backing:NSBackingStoreBuffered,
              defer:false)
    win.title = 'Hello World'

    button = NSButton.alloc.initWithFrame(NSZeroRect)
    win.contentView.addSubview(button)

    button.bezelStyle = NSRoundedBezelStyle
    button.title = 'Hello!'
    button.sizeToFit
    button.frameOrigin = NSMakePoint((win.contentView.frameSize.width / 2.0) - (button.frameSize.width / 2.0),
                                     (win.contentView.frameSize.height / 2.0) - (button.frameSize.height / 2.0))

    button_controller = Object.new
    def button_controller.sayHello(sender)
      puts "Hello World!"
    end
    button.target = button_controller
    button.action = 'sayHello:'

    win.display
    win.orderFrontRegardless

    app.run
![Page 105: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/105.jpg)
MacRuby + HotCocoa version
    require 'hotcocoa'
    include HotCocoa

    application do
      window :title => 'Hello World', :frame => [0, 0, 120, 120] do |w|
        button :title => 'Click me' do |b|
          b.on_action { puts 'Hello World!' }
          w << b
        end
      end
    end
![Page 107: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/107.jpg)
Our scary future...
![Page 108: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/108.jpg)
The rise of the GPU
(chart: number of transistors, in millions, on a 0 to 1,500 scale for 1998 through 2008, with a "2010 ?" projection and a "Hi!" callout on the latest point)
And these are largely computational, not cache!
![Page 109: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/109.jpg)
The future: GPUs
•GPUs are becoming insanely fast and capable
•GPUs are also, finally, mathematically accurate and thus useful for general computation
•OpenCL is an important development in this space
•Convergence with CPUs is not that far
![Page 110: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/110.jpg)
The future: Intel
•2008: Penryn: 8-core configurations now common.
•2009: Nehalem: 12-16 cores become common, Larrabee also raising this to 32 for Intel’s “GPU”
•2010: 2nd die-shrink for Larrabee likely to yield > 32 cores in commodity hardware
•2015: Here’s the plan: ONE MILLION CORES!
(all data coming from published roadmaps)
![Page 111: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/111.jpg)
The future: Intel
•No, seriously, what does this mean?
•It means that Hardware folks are out of headroom on pure clock speed and must go lateral
•The hardware folks are also probably tired of paying for the Software people’s sins. ccNUMA is likely to eventually yield (back) to NUMA. Good for them, bad for us!
•Memory access, already very expensive, will become substantially more so (ex-SGI ,
![Page 112: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/112.jpg)
The future: Intel
•Forget everything you thought you knew about multi-threaded programming (and, as it turns out, most developers didn’t know much anyway)
•The kernel is the only one who really knows the right mix of cores and power states to use at any given time - this can’t be a pure app-driven decision
•We need new APIs and mechanisms for dealing with this incoming meteor
![Page 113: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/113.jpg)
The future: Intel
If you think I am exaggerating the severity of this problem, just remember:
Less than 30 years ago, this 16-bit 68000 was state-of-the-art, running at 8 MHz on a 3500 nm process
And we’re evolving much faster today...
![Page 114: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/114.jpg)
The future: Mobility
•Ubiquitous computing is not “coming”, it is already HERE
•Small devices under increasing pressure to become “micro” devices (active badges, bluetooth headsets, cerebral implants, etc)
•Start thinking in terms of milliwatts, not just watts, because your power budget is shrinking
•The same applies to servers (think carbon
![Page 115: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/115.jpg)
iPhone Lessons
•“Enterprise” features (like code signing) can also be substantially leveraged on mobile devices
•Mobile device features (like CoreAnimation) can also encourage innovation in “bigger” devices
•You can actually run a full Unix on a phone now
![Page 116: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/116.jpg)
iPhone Lessons
•It’s all about the power, and all resources (memory, flash, CPU) take power. We need to challenge our “Unix assumptions” about power being plentiful
•Stability is key for something this critical (can’t crash while dialing emergency services). You just can’t run everything you want to
•Even with reduced power demands, mobile
![Page 117: Mac OS X - USENIX · Mac OS X From the server room to your Jordan Hubbard Director, Unix Technology Group Apple, Inc](https://reader031.vdocuments.site/reader031/viewer/2022022709/5bade7c809d3f253098c1c09/html5/thumbnails/117.jpg)
Any questions?