• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Sandboxing. WTF?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Sandboxing. WTF?

  • Subject: Re: Sandboxing. WTF?
  • From: Fritz Anderson <email@hidden>
  • Date: Mon, 28 May 2012 17:43:26 -0500
On 28 May 2012, at 4:30 PM, Shawn Bakhtiar wrote:

> First off (as much as I agree with the sentiment) isn't WTF profanity?

Yes it is. Personally, I never use it, but I'll pass it unaltered to preserve mail threads or to quote accurately.

> Second, and more to the point of my sentiment, and I hope someone on the Apple development team is reading this, have you people gone absolutely mad!

1. Sentiment isn't really what a technical mailing list is about. It's for mutual technical assistance, not torches and pitchforks.

2. There are some people from Apple who read these lists. They do so in their spare time. They are not in a position to influence policy. They do not generate bug reports from postings (go to bugreport.apple.com and file a report yourself). They are often very helpful, and flooding them with sentiments will just drive them away.

3. You're waking up nearly a year late. Apple documented this requirement last June. Apple has already been subjected to all the sentiment anyone can muster, and has made sandboxing entitlements more flexible in response. Sentiment, without documented use cases and concrete (I will add _informed_) suggestions for improvement, won't accomplish anything at this late date.

> Thankfully I write apps for custom in-house applications so no big deal to me, but even if I had too, why in God's name would I distro via the app store, when I can simply setup an old fashioned download on an e-commerce site for my app?!

Sandboxing isn't for everybody. Apple never said otherwise. As in so much of engineering, you choose your tradeoffs. If you can't sandbox, don't submit the app to the MAS.

The tradeoff is that most developers don't have the resources to handle publicity, distribution, updates, or worldwide payments, and the MAS does those things for them. (You can afford time and money to do those things for yourself? Fine. Not everybody can eat cake.) The MAS makes more money for most developers. With sandboxing, it also provides customers more assurance than they otherwise would have that the apps they buy won't damage or steal their data.

> it's a WHOLE other idea to have no technical users dealing with app signing issues, et al...

Eh? The app is signed by the developer. Apple countersigns it. The user never sees a signature, except that breaking a signature will break the app. As far as it goes, that's a good thing.

> how many Windows, Linux, etc, users actually get hacked via downloaded applications VS. going to some malicious website that uses OS/browser level vulnerabilities (how does sandboxing prevent, for example, flashback)? When 99% of all security breaches in companies are as a result of a disgruntled employee (from the inside), or sabotage (from the inside) what does sand-boxing REALLY prevent?
>
> Nothing. It prevents nothing.

Sandboxing does not prevent determined attacks from hostile insiders. It is also COMPLETELY USELESS at promoting sound practices of regular oral hygiene. Suggesting a system is 100% useless if it isn't 100% miraculous is a strawman.

My guess is that most of the real-world exposure Apple customers have is to Trojan applications, or applications that provide more capabilities to exploits than the apps themselves strictly need. Sandboxing an application mitigates the exposure through that app.

Sandboxing isn't 100% miraculous. Individual developers will have perfectly legitimate reasons to do things that would be serious security holes if those things were allowed to everybody. Those legitimate features will be frozen out. The implementation will have bugs for years to come, and it is alarming that Apple saw nothing wrong with making it compulsory before completely thinking it out.

Sandboxing can be an annoyance. But on its own terms, it's not an outrage. If you can't live with it, you're thrown back on distributing and selling your application yourself. Which is no worse than the position you were happy to be in a year ago.

	— F


_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • RE: Sandboxing. WTF?
      • From: Shawn Bakhtiar <email@hidden>
    • Re: Sandboxing. WTF?
      • From: Charles Srstka <email@hidden>
References: 
 >Sandboxing. WTF? (From: Graham Cox <email@hidden>)
 >Re: Sandboxing. WTF? (From: Fritz Anderson <email@hidden>)
 >Re: Sandboxing. WTF? (From: Graham Cox <email@hidden>)
 >Re: Sandboxing. WTF? (From: Quincey Morris <email@hidden>)
 >Re: Sandboxing. WTF? (From: Graham Cox <email@hidden>)
 >Re: Sandboxing. WTF? (From: Quincey Morris <email@hidden>)
 >Re: Sandboxing. WTF? (From: Graham Cox <email@hidden>)
 >Re: Sandboxing. WTF? (From: Quincey Morris <email@hidden>)
 >Re: Sandboxing. WTF? (From: Mikkel Islay <email@hidden>)
 >RE: Sandboxing. WTF? (From: Shawn Bakhtiar <email@hidden>)

  • Prev by Date: Memory use
  • Next by Date: Re: Sandboxing. WTF?
  • Previous by thread: RE: Sandboxing. WTF?
  • Next by thread: Re: Sandboxing. WTF?
  • Index(es):
    • Date
    • Thread