• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
More sandblasting (oops, I mean sandboxing die die die)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

More sandblasting (oops, I mean sandboxing die die die)

  • Subject: More sandblasting (oops, I mean sandboxing die die die)
  • From: William Squires <email@hidden>
  • Date: Mon, 03 Sep 2012 16:58:05 -0500
  Why should sandboxing on MacOS X even be necessary, seeing as we already have the Unix file permissions (and ACLs) to handle who can/cannot read/write to a file or directory? The only time I can see needing an entitlement is if you write low-level stuff (IOKit, kext's, USB drivers, 'fixit' utility programs, etc…) that could be hijacked by malware (and that normally run as root, or that spawn or talk to low-level services/daemons that do.) User-land programs shouldn't be able to write anywhere but the user's folder and subfolders thereof anyway.
  I can see the benefit of taking a more security-related stance on a closed platform like iOS so as to make writing malware harder, but for a general-purpose computing platform, this'll just put unnecessary roadblocks in the way of newbies who want to develop for it… Unless Apple's geniuses can figure out a way to simplify the whole shooting match to a one-click solution! :)

i.e.

1) Request a CSR from the Keychain Access.app
2) Upload the certificate to Apple  – once you login, anyway – via developer.apple.com/devcenter/ios/index.html or developer.apple.com/devcenter/mac/index.html; whichever.
3) Get back – and download – a simple digital 'token' file you can put on any development machine you own or have (legal) access to (i.e. that's tied to your apple ID) and Xcode will take care of the rest, including separating out the important bits (public/private keys, talking to keychain access to update said keys, code signing, creating entitlements, etc…)
4) Compile your iOS/MacOS X program after setting the entitlements (select the 'project' in the project pane, so you see the info panel in Xcode; a tab panel will then allow you to select the entitlements' – some selections will be pre-set based on static code analysis – checkboxes.)
5) Upload to a device (if iOS), or to the Mac/iOS App Store!
Presto!

As it is, there's a whole sh*tload of steps between 2 and 4 now (and that replace step 3). Boo!


_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: More sandblasting (oops, I mean sandboxing die die die)
      • From: Graham Cox <email@hidden>
    • Re: More sandblasting (oops, I mean sandboxing die die die)
      • From: Todd Heberlein <email@hidden>
    • Re: More sandblasting (oops, I mean sandboxing die die die)
      • From: Todd Heberlein <email@hidden>
  • Prev by Date: Re: System Menu Bar
  • Next by Date: Re: How to insert a "screen-only" character in an NSTextView?
  • Previous by thread: Re: System Menu Bar
  • Next by thread: Re: More sandblasting (oops, I mean sandboxing die die die)
  • Index(es):
    • Date
    • Thread