Re: creating temp files or temp folders in standard temp file locations in mdimporter on Mac OS X 10.8.3
Re: creating temp files or temp folders in standard temp file locations in mdimporter on Mac OS X 10.8.3
- Subject: Re: creating temp files or temp folders in standard temp file locations in mdimporter on Mac OS X 10.8.3
- From: Kyle Sluder <email@hidden>
- Date: Mon, 03 Jun 2013 08:08:11 -0700
On Jun 3, 2013, at 1:17 AM, Quincey Morris <email@hidden> wrote:
> On Jun 1, 2013, at 14:04 , Kyle Sluder <email@hidden> wrote:
>
>> Spotlight importers run within a worker process; thus, they inherit the
>> sandbox of the worker process, not the sandbox of your app (which might
>> not even be running).
>
> The part of this line of thinking that I don't understand is why the worker process, whatever it is, shouldn't have access to a temporary directory of its own.
Well, from a security standpoint, you might start from the opposite point: why should an mdimporter plugin be able to write to the filesystem at all?
It doesn't help that Spotlight traditionally reuses worker processes for multiple mdimporters, and you can't re-sandbox a process at runtime. But the notion of reusing worker processes seems antithetical to sandboxing anyway, so hopefully that technique isn't a stumbling block anymore.
--Kyle Sluder
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden