Re: Sandboxing. WTF?
- Subject: Re: Sandboxing. WTF?
- From: Kyle Sluder <email@hidden>
- Date: Tue, 29 May 2012 10:34:51 -0400
On May 28, 2012, at 8:49 PM, Graham Cox <email@hidden> wrote:
>
> The current implementation of sandboxing is extremely clunky,
True.
> full of holes,
Not so much. If anything it leans towards over-restrictiveness rather than errant permissiveness.
> and solves no real problems.
False. It solves the problem of applications being unable to express their intended boundaries to the operating system. Without that information the OS can't help protect the user from malicious content or add-ons that will attempt to exploit the host app's lack of boundaries.
> If it were revoked tomorrow, I can't believe anybody here would mourn it - honestly?
This current implementation? Probably not. A better implementation? Definitely.
Security is one of those features you only care about when you notice it's missing. In the case of security, you usually notice when US-CERT sends out an advisory.
--Kyle Sluder
_______________________________________________
Cocoa-dev mailing list (email@hidden)