Category Archives: Authorization

On the new Lion security things

This post will take a high-level view of some of Lion’s new security features, and examine how they fit (or don’t) in the general UNIX security model and with that of other platforms. App sandboxing: The really big news for …

Posted in Authentication, Authorization, Codesign, Mac, PCAS, sandbox

On authorization proxy objects

Authorization Services is quite a nice way to build in discretionary access controls to a Mac application. There’s a whole chapter in Professional Cocoa Application Security (Chapter 6) dedicated to the topic, if you’re interested in how it works. The …

Posted in Authorization, code-level, Mac, PCAS, software-engineering

On the extension of code signing

One of the public releases Apple has made this WWDC week is that of Safari 5, the latest version of their web browser. Safari 5 is the first version of the software to provide a public extensions API, and there …

Posted in Authorization, Browser, Codesign, Crypto, Mac, Windows

Why OS X (almost) doesn’t need root any more

Note: this post was originally written for the Mac Developer Network. In the beginning, there was the super-user. And the super-user was root. When it comes to doling out responsibility for privileged work in an operating system, there are two …

Posted in Authorization, Mac, PCAS