• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: FSCopyObjectAsync: useless and crippled
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: FSCopyObjectAsync: useless and crippled

  • Subject: Re: FSCopyObjectAsync: useless and crippled
  • From: Hamish Allan <email@hidden>
  • Date: Mon, 16 May 2005 10:54:11 +0100
On Sun, 15 May 2005 09:35:59 -0500, Mitch Tishmack <email@hidden> wrote:

But the biggest argument against such a change is this: if a trojaned
app were to be allowed to run and then implicitly present this
authentication dialog to the user, absolutely nothing (permissions
wise) is stopping it from overwriting system applications with some
of its own. This is a HORRIBLE security idea and shouldn't be
implemented by any operating system.

If a trojaned app were to be allowed to run and then *explicitly* present this authentication dialog to the user, absolutely nothing is stopping it. Are you arguing that there should be no way for any user's privileges to be elevated, short of logging back in again as root?!

Permissions are the
responsibility of the user and administrator (if applicable). The
application is supposed to honor those permissions, not hope for the
api to ignore the permissions behind the scenes. mv and cp behave
this way, our apps should too.

Yes, but sudo mv and sudo cp work exactly the way we want them to, and our apps should too.

The problem is that users are becoming more and more accustomed to typing in their admin password at the drop of a hat. Personally I would be happier if there were support in the operating system for a dialog that couldn't be mimicked which made a guarantee like "the password you supply here will only be used to copy such-and-such files".

If your current user doesn't have read access to a file. You throw up
a dialog stating I can't open that file since you don't have
permission to access it. The same goes for writes. Users have home
directories for a reason; allowing them to look into others' home
directories or system directories is not a wise decision.


Administrators are users too, you know! Not all of us log in as root ;)

Best wishes,
Hamish


_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




  • Follow-Ups:

      

    • Re: FSCopyObjectAsync: useless and crippled

      • From: Ondra Cada <email@hidden>
      • 



    

  • Prev by Date:
Changes to NSNetService in Tiger

    • 

  • Next by Date:
Re: From Panther to Tiger

    • 

  • Previous by thread:
Re: FSCopyObjectAsync: useless and crippled

    • 

  • Next by thread:
Re: FSCopyObjectAsync: useless and crippled

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •