Re: Sandbox Clarification
Re: Sandbox Clarification
- Subject: Re: Sandbox Clarification
- From: Sean McBride <email@hidden>
- Date: Thu, 31 Jan 2013 09:24:06 -0500
- Organization: Rogue Research Inc.
On Thu, 31 Jan 2013 10:54:54 +1100, Graham Cox said:
>> - allow specific paths (com.apple.security.temporary-
>exception.files.absolute-path.read-write)
>> - allow full access (com.apple.security.temporary-
>exception.files.absolute-path.read-write with the path "/")
>
>
>One question is whether anyone, anywhere has ever got these entitlements
>past the app store guardians? I know I haven't, and had to do an
>extensive rewrite of one part of my app to get around it, no negotiation
>possible. It seems that while the OS developers have given these to us
>as a necessity, in practice they are useless because you'll never get
>their use approved.
You are conflating issues. They are only "useless in practice" if you distribute with the app store. If you distribute otherwise, they are plenty useful: you can use the temp entitlements to get other App Sandbox benefits even if you grant yourself full file system access. At least then if your app is compromised there is still protection for network, microphone, camera, etc. It's all about limiting the attack surface after all...
Cheers,
--
____________________________________________________________
Sean McBride, B. Eng email@hidden
Rogue Research www.rogue-research.com
Mac Software Developer Montréal, Québec, Canada
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden