What is SUIDGuard?
SUIDGuard is a TrustedBSD kernel driver that implements several mitigations to protect against weaknesses usually involving SUID/SGID binaries.
- protects SUID/SGID root binaries from DYLD_ environment variables by overwriting the string DYLD_ with XYLD_
- protects the O_APPEND flag, typically set when opening files such as logfiles, from being disabled by anyone whose credentials differ from those used to open the file
- disallows execution of executables without a __PAGEZERO segment (protects against NULL page exploits like tpwn)
Tested with OS X Yosemite 10.10.5.
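The __PAGEZERO check can be mirrored in user space to audit binaries. The following C sketch is an added example, not SUIDGuard's kernel code: it walks the load commands of a thin Mach-O image and reports whether a __PAGEZERO segment at address 0 with non-zero size is present. The function names, that definition of a valid __PAGEZERO, and the constructed sample built in check_sample are assumptions; fat binaries and byte-swapped images are not handled.

```c
#include <stdint.h>
#include <string.h>

#define MH_MAGIC      0xfeedfaceu   /* 32-bit Mach-O (values as in <mach-o/loader.h>) */
#define MH_MAGIC_64   0xfeedfacfu   /* 64-bit Mach-O */
#define LC_SEGMENT    0x1u
#define LC_SEGMENT_64 0x19u
static uint32_t rd32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return v; }
static uint64_t rd64(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return v; }
static void wr32(uint8_t *p, uint32_t v) { memcpy(p, &v, 4); }
/* Returns 1 if a __PAGEZERO segment at vmaddr 0 with non-zero vmsize exists,
 * 0 if there is none, -1 if not a thin host-byte-order Mach-O or malformed. */
int has_pagezero(const uint8_t *img, size_t len)
{
    if (len < 32) return -1;                     /* shorter than a mach_header_64 */
    uint32_t magic = rd32(img), ncmds = rd32(img + 16);
    if (magic != MH_MAGIC && magic != MH_MAGIC_64) return -1;
    int is64 = (magic == MH_MAGIC_64);
    size_t off = is64 ? 32 : 28, seglen = is64 ? 72 : 56;  /* header / segment cmd sizes */
    for (uint32_t i = 0; i < ncmds; i++) {
        if (len - off < 8) return -1;
        uint32_t cmd = rd32(img + off), cmdsize = rd32(img + off + 4);
        if (cmdsize < 8 || cmdsize > len - off) return -1;  /* bounds-check each command */
        if (cmd == (is64 ? LC_SEGMENT_64 : LC_SEGMENT)) {
            if (cmdsize < seglen) return -1;
            const uint8_t *seg = img + off + 8;  /* segname[16], then vmaddr, vmsize */
            uint64_t vmaddr = is64 ? rd64(seg + 16) : rd32(seg + 16);
            uint64_t vmsize = is64 ? rd64(seg + 24) : rd32(seg + 20);
            if (!strncmp((const char *)seg, "__PAGEZERO", 16) && vmaddr == 0 && vmsize != 0)
                return 1;
        }
        off += cmdsize;
    }
    return 0;
}

/* Constructed sample (assumption): a header plus one segment command, no real binary. */
int check_sample(int is64, const char *segname, uint32_t vmsize)
{
    uint8_t buf[104] = {0};
    size_t hdr = is64 ? 32 : 28, seg = is64 ? 72 : 56;
    wr32(buf, is64 ? MH_MAGIC_64 : MH_MAGIC);
    wr32(buf + 16, 1);                                  /* ncmds */
    wr32(buf + hdr, is64 ? LC_SEGMENT_64 : LC_SEGMENT);
    wr32(buf + hdr + 4, (uint32_t)seg);                 /* cmdsize */
    strncpy((char *)buf + hdr + 8, segname, 16);
    wr32(buf + hdr + 8 + (is64 ? 24 : 20), vmsize);     /* low word of vmsize */
    return has_pagezero(buf, hdr + seg);
}
```

A return value of 0 marks the kind of executable the third mitigation refuses to run; a zero-sized __PAGEZERO is reported the same way because it reserves nothing at address 0.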
License
SUIDGuard is licensed under the BSD License. If you are using SUIDGuard to guard servers powering commercial services, consider donating a few bucks to us via PayPal or with bitcoins: 1Gs39frAj4v6su3xVMsFa3hVXq9fwSNRhJ.
Copyright
2015 © Stefan Esser stefan.esser@sektioneins.de / SektionEins GmbH