6.2. Sandbox
In all versions of OS X previous to Leopard, access control restrictions were limited to a security model referred to as Discretionary Access Controls (DAC). The most visible form of DAC in OS X is in its implementation of the POSIX file-system security model, which was discussed heavily in detail in Chapter 4. The POSIX model establishes identity-based restrictions on an object in the form of a subject's user or group membership. Similarly, Access Control Lists are a form of discretionary control, though as we learned they are far more extensible and discrete then the POSIX model. In such models, newly created objects or processes inherit their access rights based upon those of the creating subject, so that any spawned objects ...
Get Enterprise Mac Security: Mac OS X Snow Leopard now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
