Apple Reveals Some Of Leopard’s Spots

Apple has put up the first of their [Leopard Technology Series for Developers]( If you’re interested in some of the technological improvements to the next version of OS X, this is a must-read.

Some of these items were covered by the WWDC NDA previously, such as the formalization of resolution independence, major enhancements to OpenGL performance through offloading to another core, and Quicktime support for USB cameras.

But there’s also a few new pieces of information, or at least information I may have missed on my track:

>Leopard brings several new security enhancements to Mac OS X. The first of these is the adoption of the Mandatory Access Control (MAC) framework. This framework, original developed for TrustedBSD, provides a fine-grained security architecture for controlling the execution of processes at the kernel level. This enables sandboxing support in Leopard. By sandboxing an application, using a text profile, you can limit an application to being able to just access only the system features, such as disk or the network, that you permit.
>Also new in Leopard is code signing. This means that Leopard will be able to identify applications by using digital signatures and then use that identification to base trust decisions on.

It amuses me greatly that people continue to advocate that the only reason Apple hasn’t had a major OS X security exploit in over five years is because of market share, and not because they continue to make major advances in the security of the operating system.

As a colleague said after I pasted him this information: Sandboxing FTW.