Re: Sandboxing. WTF?
- Subject: Re: Sandboxing. WTF?
- From: Mikkel Islay <email@hidden>
- Date: Mon, 28 May 2012 13:17:21 +0200
On 28 May 2012, at 07:58, Quincey Morris wrote:
> On May 27, 2012, at 22:40 , Graham Cox wrote:
>
>> People will always click "Allow" if it gives them an easy life.
> I don't know of any solution to that, though I guess asking is better than not being forced to ask. Perhaps the app store review process takes note (or will take note) of such dialogs with the user, and rejects apps that seem to be asking for something egregious?
>
The obvious solution to that problem, then, is to rebrand users as malware too, and restrict their access to the system accordingly. :)
It is striking that the source for apps Apple has the most control over (the App Store) imposes the most fine-grained restrictions, whereas non-App Store apps are/will be able to get away with mere code-signing.
If sandboxing is meant to secure the user, as you suggest, by treating "garden variety" apps as malware, and relying on the user to grant privileges to user data, it seems counter-productive to rely on those restrictions for App Store-apps, which will be considered intrinsically trustworthy by most users. As you point out, software can be malicious entirely within the remit of its intended functionality.
Rather, I think, sandboxing exists to limit the impact of malicious code manipulating the ObjC-runtime environment, and to limit Apple's liability (legal and perceived) for attacks against apps it distributes.
Mikkel