Mac OS X "Leopard" to have extended access control
Apple is giving the forthcoming OS X version 10.5 "Leopard" an extended access control system. The new functions should, according to an announcement on Apple Developer Connection, include a mandatory access control (MAC) framework and code signing. The new MAC framework will, for example, allow access rights for a process to be restricted to certain objects and system resources, such as files, network connections and other hardware. MAC modules mean that in such a framework security models can be upgraded at the kernel level. In addition the kernel should be able, with the help of digital signatures on executable files, to decide which access rights are granted to a program.
Comparable access control systems are used by, for example, the security extensions SELinux and TrustedBSD. The SEDarwin project, an offshoot of TrustedBSD, may have provided the template for the MAC framework for Leopard. An experimental preview version for the Darwin kernel of the current OS X version 10.4.7 "Tiger" is available to download from the project website.
- Leopard Technology Overview, announcement on Apple Developer Connection