

Discussion boards are filling with reports of SSH and printer problems caused by Apple's late Tuesday release of Mac OS X's Security Update 2008-002. Rogue Amoeba Software released a compatibility fix for its Instant Hijack component, which is often installed by the company's Airfoil, Audio Hijack Pro, and Nicecast applications. The problem causes SSH and other programs to crash on Leopard machines.

The company suggested that users download the updates to its programs. This was due to a bug in Instant Hijack and is related to a new security feature in Leopard called position-independent executables (PIE). So, what caused this issue? PIE is related to address space layout randomization. The basic effect is to move programs such as ssh to a different place in memory each time they start, making it more difficult for an attacker to exploit them. Position-independent executables were available in Leopard from the start, and Instant Hijack was written to take them into account. However, nothing on the system actually used this facility when Leopard shipped. That changed with Security Update 2008-002, which includes a copy of ssh and related utilities which were compiled using PIE. At that point, we discovered that Instant Hijack’s PIE support didn’t work correctly. Instant Hijack’s PIE support expected the program to be loaded at a random address. However, Leopard’s PIE implementation loads a program’s executable code into memory, and then moves it to a new, random address.
