RE: New Spotlight Info


  • Subject: RE: New Spotlight Info
  • From: "M. Uli Kusterer" <email@hidden>
  • Date: Tue, 9 Nov 2004 15:52:31 +0100

At 14:30 +0000 09.11.2004, Oliver Donald wrote:
Couldn't Spotlight just run the importer under a user with absolutely minimal privileges? Say, only read access and only to the file its path points to.

The thing is supposed to index your hard drive. I don't see where minimal permissions would be of much use there. If it gets installed automatically, it could still send your pr0n collection to your boss.


But if it only got installed upon first launch of your app, at the least, it would need read access to itself (in case it needs any files like lookup tables from its bundle) and to the file it's supposed to index. In addition, it may want to keep a prefs file or a log file, so it'd also need read/write access to those (write access to the prefs is arguable, I guess).

Finally, you may want to keep your file-reading code in a central place, e.g. in a Framework, so you don't have to duplicate it in the app and the plugin, so it'd need read access to that as well.

And that's only for the uses that are readily anticipated. I would guess there are many smart things you could do from such a plugin, like have several plugins convert data and then pass it on to another "master plugin" someone else wrote, downloading a list of keywords or format definitions from the web and caching it locally to then use them in generating the metadata from the file, or even cleverer hacks, which would need more permissions.

So, I guess the smarter approach would be to prevent malicious code from loading at all instead of trying to restrict the damage it can do afterwards. Though I admit that having a special user for indexing (which wouldn't be an admin user, obviously) is definitely a good idea.
--
Cheers,
M. Uli Kusterer
------------------------------------------------------------
"The Witnesses of TeachText are everywhere..."
http://www.zathras.de