Re: Sandboxing die.die.die
Re: Sandboxing die.die.die
- Subject: Re: Sandboxing die.die.die
- From: Todd Heberlein <email@hidden>
- Date: Wed, 22 Aug 2012 17:45:25 -0700
On Aug 22, 2012, at 4:37 PM, Graham Cox <email@hidden> wrote:
> Where life is made difficult is with more general access to the file system, which is a perfectly legitimate thing to do. A user stores various media all over the file system and there is no reason why an app shouldn't have access to it.
Except this is how cyber espionage works.
The "Pretty Girls" calendar application is a Trojan horse that, upon reaching a certain date (i.e., after it is approved by Apple), starts reading your Word/Pages document and exfiltrating them off the system.
Or the "Special Draw" application has a vulnerability, a user reads in a malicious document, and a command & control agent is dropped on your system.
I put together a little demo and video demonstrating this last example (it's actually a dig at the antivirus/security industry):
Glowing Embers: The Myth of the Nation State Requirement
http://www.netsq.com/Podcasts/Data/2012/GlowingEmbers/
Unfortunately, I too have problems with the Mac App Store restrictions, including no privilege escalation, but I do not have a good solution to recommend. :-\
Todd
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden