constantly.at

Leopard sandboxes are flexible and interesting. They’re apparently compiled from Scheme programs (sandbox-compilerd embeds TinyScheme) that live in /usr/share/sandbox. You can break sandbox-compilerd open in TextEdit and read the compiled-in Scheme code; they’ve got a lot of the bases covered, including obscure stuff like SYSV IPC, the BSD sysctl interface, and signals. 

http://www.matasano.com/log/981/a-roundup-of-leopard-security-features/

This entry was posted on Tuesday, October 30th, 2007 at 04:33 and is filed under Lisp. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.