Discussing the security of Leopard on its website, Apple proclaims sandboxing as a new and enhanced security feature:
Sandbox tested.
Sometimes hackers try to hijack an application to run malicious code. Sandboxing helps ensure that applications do only what they're intended to by restricting which files they can access, whether they can talk to the network, and whether they can be used to launch other applications. Helper applications in Leopard, including the software that enables Bonjour and the Spotlight indexer, are sandboxed to guard against attackers.
Unfortunately, as of this blog date, I've been unable to find any official Apple documentation on it, and the sandboxing API appears to be less than mature. Leopard ships with 14 sandbox policy files, one of which warns:
; WARNING: The sandbox rule capabilities and syntax used in this file are currently an
; Apple SPI (System Private Interface) and are subject to change at any time without notice.
; Apple may in future announce an official public supported sandbox API, but until then Developers
; are cautioned not to build products that use or depend on the sandbox facilities illustrated here.
By default, the provided sandbox policies aren't even used by OS X to protect many of the daemons that run by default, such as syslog or ntpd. To enable sandbox protection on these services, the files /System/Library/LaunchDaemons/com.apple.syslogd.plist and /usr/libexec/ntpd-wrapper have to be edited.
Furthermore, many of the default sandbox policies contain concerning comments such as the following in ntpd.sb:
(allow process*)
; These were commented out, I think that was a pre-WWDC bug that has been fixed
; and they can be brought back, and the above line removed:
; (allow process-fork)
; (allow process-exec (regex "^/usr/sbin/ntpd$"))
Notably, removing the top line and uncommenting the two rules beneath it would presumably result in better security for the ntpd process, since arbitrary exec*() calls would then be disallowed and only /usr/sbin/ntpd itself could be executed.
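As an added example (my own code, not Apple's tooling or anything shipped with Leopard), a small Python lint over the Scheme-like profile syntax quoted above: it parses `allow` rules, ignores commented-out ones, and flags the wildcard `process*` grant that the tightened ntpd.sb would drop. The two embedded profiles are constructed to mirror the excerpt; the `(version 1)` and `(deny default)` lines follow the Leopard profile convention and are an assumption here.

```python
import re

# Constructed sample profiles modelled on the ntpd.sb excerpt quoted above, not Apple's real file.
WEAK_PROFILE = """
(version 1)
(deny default)
(allow process*)
; (allow process-fork)
; (allow process-exec (regex "^/usr/sbin/ntpd$"))
(allow file-read-data (regex "^/etc/ntp\\.conf$"))
"""
TIGHT_PROFILE = """
(version 1)
(deny default)
(allow process-fork)
(allow process-exec (regex "^/usr/sbin/ntpd$"))
"""
# Tokens: quoted string (tried first, so a ';' inside a path is not a comment), ';' comment, paren, atom.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|;[^\n]*|[()]|[^\s()";]+')

def parse(text):
    """Parse the Scheme-like profile into nested lists; strings lose their quotes."""
    stack = [[]]
    for tok in TOKEN.findall(text):
        if tok.startswith(";"):
            continue  # a commented-out rule grants nothing
        if tok == "(":
            stack.append([])
        elif tok == ")":
            stack[-2].append(stack.pop())  # IndexError here means a stray ')'
        elif tok.startswith('"'):
            stack[-1].append(tok[1:-1])
        else:
            stack[-1].append(tok)
    if len(stack) != 1:
        raise ValueError("unclosed '(' in profile")
    return stack[0]

def broad_allows(text):
    """Return (operation, reason) for allow rules wider than a hardened daemon needs."""
    findings = []
    for form in parse(text):
        if len(form) < 2 or form[0] != "allow":
            continue
        op, filters = form[1], form[2:]
        if op == "default" or op.endswith("*"):
            findings.append((op, "wildcard operation"))
        elif op == "process-exec" and not filters:
            findings.append((op, "exec allowed for any path"))
    return findings
```

Running `broad_allows` over the weak profile reports the `process*` rule; over the tightened one it reports nothing, because `process-exec` now carries a path filter.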
Hopefully in future revisions of Leopard, Mac users will see the following:
- A sandbox policy generation tool, such as those which come with systrace or AppArmor.
- A full set of sandbox policies for common applications, including Safari and Mail.
- A more encompassing set of policies turned on by default.
Until then, sandboxing on OS X appears to be a less-than-mature experiment in providing additional security to Mac users.