Apple To Require Sandboxing For Mac App Store Apps 584
mario_grgic writes "And so it begins: Apple will require that all Mac apps submitted to the Mac App store stick to strict sandboxing requirements. This means you must ask Apple for read or read/write entitlements for additional folders outside your Application Support folder before your app is approved. There are also restrictions on direct hardware access, communication to processes your app did not start, or even something simple as taking a screenshot. All that is needed after this to turn your Mac into an appliance is to only allow app installations from App Store."
Cue Apple fans saying "That could NEVER happen" (Score:4, Insightful)
All that is needed after this to turn your Mac into an appliance is to only allow app installations from App Store.
I've made the argument that this is exactly where Apple is headed for a long time now. I'll summarize the responses you're going to get:
Of course, the second that Apple announces that they ARE, in fact, locking down the Mac's too, I suspect you'll see one of two responses (should be interesting to see how it goes):
Re:Cue Apple fans saying "That could NEVER happen" (Score:5, Insightful)
You forgot a couple of answers:
- Who the f*ck cares, as long as it works.
- Why do you care, just don't use the Mac App Store, don't upgrade your OS to the version that locks you out, or don't use a Mac.
-dZ.
Things you can't do on Windows or Linux (Score:2)
or don't use a Mac.
That depends on how successful Apple and Microsoft are at suing Android out of existence. If they succeed, mobile app development will pretty much require using a Mac.
Re: (Score:3)
Developing for WP7 requires a mac?
Re:Things you can't do on Windows or Linux (Score:5, Funny)
People are developing for WP7?
Re: (Score:3)
Yep.
Re: (Score:2)
Strictly, yes: I bet at least two people are hacking out fart apps as we speak.
Re: (Score:2)
Would develop* the death of android would not prompt an exodus to apple but to wp7, most people who own an android specifically chose not to go apple cause of apple bs, and while microsoft has their share, it's not nearly as bad.
Then again the death of android is only speculative by people who are not even close to being qualified to make that judgement (slashdotters), so I'll be enjoying my android for a long time to come I'm sure.
Re: (Score:3)
Lots of people who are slashdotters are the ones writing the software to be deployed in future. 2 years ago I had iPhone projects out the wazoo (before that it was Nokia/Qt and blackberry), last year it was blackberry because we're close to RIM and they gave us free stuff, along with iPhone and QT was gone, this year it's android, and next year we're slated for WP7.5 or WP8.
Windows phone development is pretty easy, and I have a suspicion they can angle into the business market from RIM, while still tying i
Re: (Score:3)
You do realize that Gartner is basically a subsidiary marketing division for Microsoft right? And has been for what, 15 years? Their reports ALWAYS favor Microsoft. Shit, they probably said Bob was going to take over the world. You really have to be dense to believe anything they 'report' on.
Re: (Score:3)
That was intended to be a facetious reply to a rhetorical question. Nothing serious.
>Their reports ALWAYS favor Microsoft
Like this one? The first Google hit?
http://www.eweek.com/c/a/Messaging-and-Collaboration/Gmail-Now-Credible-Rival-to-Microsoft-Exchange-Gartner-617996/ [eweek.com]
Your comments NEVER favor Microsoft though. :) People have to be dense to believe you?
What is WP7's killer app? (Score:2)
No native code, no Emit (Score:3)
Re: (Score:2)
Which one isn't the Evil Company?
Re: (Score:2)
Ironic:
http://www.youtube.com/watch?v=R706isyDrqI [youtube.com]
Re:Cue Apple fans saying "That could NEVER happen" (Score:5, Insightful)
There's nothing wrong with the sandboxing model per se. It's probably the only way to make our computers more secure. That Apple is moving in that direction should not be surprising: they make idiot-ready software (also known as good software), and you can't really have security and idiot friendliness without a trusted 3rd party to sort out the nitty-gritty details.
It should also be unsurprising that Apple moves to an authoritarian model where it and it alone can act as the trusted 3rd party. Almost everything Apple does is to maximize clout and control over the product environment. Apple is a control freak: it's profitable and risky, it almost got them killed when the PC revolution happened.
I would much rather like to see a sandbox where multiple private companies publish application profiles and the consumer choice is maximized; that's a nice role for the AV companies to play, move from a blacklist to a whitelist model. Should such a company turn into Big Brother, limit the consumer choice and push it's own interests, the consumers can easily move to a different "security provider".
Re:Cue Apple fans saying "That could NEVER happen" (Score:4, Insightful)
There's nothing wrong with the sandboxing model per se. It's probably the only way to make our computers more secure. That Apple is moving in that direction should not be surprising: they make idiot-ready software (also known as good software)
I take exception to this.
"idiot-ready" software is good software... for "idiots".
(Of course, they're not really idiots, most of them - they're regular people who desire a simple level of interaction with their computer. But I'm just running with the "idiot-ready" terminology there.)
That approach to software design is "one size fits most" - but it's not "one size fits all" because the limitations of a simple UI will inevitably interfere with (or at least fail to support) something that someone is trying to do. When your expectations and skills pass a certain threshold, a simple UI is not necessarily a good UI.
Re: (Score:3)
Excellent. I have never seen all this common sense about this matter summarized in a post so briefly without resorting to typical "fanboy-ish" claims.
Someone should mod this up!
Re: (Score:2)
"idiot-ready" software is good software... for "idiots".
No, it's not. That's a myth started to defend the quality of OSS software and perpetuated by people who think they're above the masses because they know how to turn on encryption on their WiFi router.
"Idiot Ready" actually means 'thoughtfully designed'.
Re: (Score:3)
To put it another way, Apple's current design methodology is centered around the notion that people should not have to think about how to use their computers. Let me emphasize the important part: people should not have to think. If the term "idiot" does not properly convey the notion of someone who is not willing or able to think, I am not really sure what would.
I respectfully disagree. In most cases the average person's goal is not to use a computer. Their goal is to send/receive email or keep up with what is going on in their family (via a social media site) or edit and print their photos. The computer is just a tool to accomplish those goals, not a goal in and of itself. For these very common use cases, good UI design enables the user to accomplish their goals without having to get involved in the details of how the tool accomplishes the goal. Looking at a
Re: (Score:3)
Ironically, the fact that bash on Mac OS X does not let you overwrite files when you redirect a program's output was an annoyance yesterday. Before anyone asks, yes, we did read the manual and found out how to disable that feature.
WTF?
You didn't accidentally do set -C, did you? /etc/bashrc in Snow Leopard, at least, does
and that's it.
Re: (Score:3)
To be honest, it was not my Mac, and I have little knowledge of what its owner had done before I touched it (but he seemed equally annoyed).
Perhaps he accidentally did set -C, then.
The point was more about features that stop you from overwriting files than about Mac OS X.
Then it would more accurately have been stated as "Ironically, the fact that bash on a coworker's machine did not let you overwrite files...", or something such as that, so as to clearly indicate that it had absolutely nothing to do with Mac OS X. I.e., you can't blame that one on Apple.
Yes, features that prevent you from doing things can be annoying (and, yes, that sometimes goes for dialog boxes, e.g. if I just want to dump something to /tmp/patch - or, given e.g
Re: (Score:3)
You have a fundament flaw in your reasoning (and it's a very popular one these days). You're asserting that "anyone who doesn't want to spend mental effort on the stuff I find appealing must lack the ability to spend mental effort at all". Which is arrogant bullshit, and illustrates the difference between "geek" and "smart".
There are a few areas of interest that will make a real difference to almost anyone's quality of life. All the rest, such as complicated software, if they're not tools you need profes
Re:Cue Apple fans saying "That could NEVER happen" (Score:5, Informative)
You seem to misunderstand what the sandbox is. OS X has had a set of APIs for sandboxing applications since 10.5. The sandbox(7) man page will tell you a lot about it. This comes with a few default policies, and you can add more. If you download an app and don't trust it, then you can start it in a sandbox (there's no GUI for doing this, which sucks, but it would be a few hours work to add one).
This isn't an 'authoritarian model' any more than the UNIX process model is: the kernel is the authority and any application has to go begging to it for access to anything. You can ship your own sandbox policies if you want to implement privilege separation and so on in your OS X application, and a lot of Apple's programs use it already, and have for a while - you may remember a mDNSResponder vulnerability that only affected 10.4, because it ran in a sandbox on 10.5. You can see the sandbox definition that mDNSResponder uses and it's pretty trivial to put something similar together for your own daemon.
The only difference now is that Apple is defining a sandbox profile for normal applications and forcing developers to use it if they want their application in the App Store. It is not a whitelist of applications, it's just a default security policy that applications must work with. This is like Microsoft requiring applications to work as non-Administrator users for the Designed For... certification, or a Linux distribution rejecting suid root apps from the default repository.
Re:Cue Apple fans saying "That could NEVER happen" (Score:5, Interesting)
Well, it's more like a range of default security policies tailored to the application, but yes. Apple has created a series of multiple high-level sandbox profile options that your app can choose from, depending on what it needs to do. If you are selling your apps on the Mac App Store, Apple vets those options to ensure that they make sense based on what your application does. If you aren't selling your app on the Mac App Store, this does not affect you at all, though you are strongly encouraged to sandbox your app because doing so makes the platform more robust against viruses, etc. At that point, the onus is on you to make sure that the options you choose are sane.
The big thing that makes the 10.7 App Sandbox different from the prior incarnations is the addition of PowerBox. By moving the open and save dialogs into a separate (system-provided) application that has the ability to add entitlements (capabilities) to your application's sandbox on the fly, it means that your app can access the files that the user specifies, and nothing else (outside of your app's personal scratch space). This is a significant win for security, as it puts the user directly in charge of what files an application can access.
I could go on for a while about privilege separation and techniques for making your app more secure, but that's a bit out of scope for this discussion forum. Go read App Sandbox Design Guide [apple.com] if you want more details.
Also, according to MacWorld, the original deadline was November (Source: MacWorld [macworld.com]). The news is that Apple pushed the deadline out by four months, not that Apple is going to require sandboxing. That story is so out of date that when I first heard it, I fell off my dinosaur.
Re: (Score:2)
"...sandbox where multiple private companies publish application profiles and the consumer choice is maximized..."
Like SSL certificate authorities? Yea there are no holes in that model.
Re: (Score:2)
I would much rather like to see a sandbox where multiple private companies publish application profiles and the consumer choice is maximized; that's a nice role for the AV companies to play, move from a blacklist to a whitelist model.
The multiple authorities model hasn't worked out so well for HTTPS recently. This year a number of Certificate Authority companies have been compromised.
Should such a company turn into Big Brother, limit the consumer choice and push it's own interests, the consumers can easily move to a different "security provider".
"Security provider"? Most people have trouble reasonably choosing between rival electricity and gas providers. Or just couldn't be bothered. And that is for something they understand. What the fuck is a "security provider" to 99% of the population? It's an unwanted complexity that they don't understand, that's what. Trusting Apple to do what's reasonable
Re:Cue Apple fans saying "That could NEVER happen" (Score:5, Insightful)
How are they isolating developers? I develop on the Mac and constantly install development software all the time. Know how many development related bits I've had to install via AppStore? -- ONE -- The latest version of XCode after it went to public release.
The AppStore is for CONSUMERS, there will never be a full lockdown because forcing every software writer to release through the AppStore would kill OS X as a development platform. Even XCode requires a whole bevy of gnu utilities. OS X is a full fledged UNIX and as such, you'll always be able to do *Nixy things such as wget/curl a file, gunzip, configure and make.
What Apple does with their CoCoa Framework and native apps is up to them, but as long as they are a UNIX, they'll never have the ability to stop apps written in C, Java, Python, Bash, Perl, PHP or Ruby from doing whatever the hell they please.
The day they do, is the day OS X leaves the Unix fold and becomes something else. And if that happens, you can bet your sweet ass that Apple will be dead within 3 years.
I'm not so sure (Score:3)
"OS X is a full fledged UNIX and as such, you'll always be able to do *Nixy things such as wget/curl a file, gunzip, configure and make"
I wouldn't bet on it. Its entirely possible to make the kernel limit what a user can do above and beyond a chroot jail - SELinux does it already. That doesn't make it any less of a version of unix. All you'd see on the command line is the "Operation not permitted" error and that would be that.
As for apple being dead if they messed about with the unix roots of OS/X , very un
Re: (Score:2, Troll)
If they chrooted Darwin to the point that every app had to have Apple granted permissions to do *anything* on the list of AppStore sandbox privileges, then Apple would indeed be dead in a very short time.
iOS is already stagnant in the Smartphone marketshare reports while Android keeps growing and gaining new product platforms. Granted, iOS still has a huge install base, but the day that Apache can no longer access the internet and PHP/RoR scripts can't access the file system or make network service calls, i
Re:Cue Apple fans saying "That could NEVER happen" (Score:5, Insightful)
The AppStore is for CONSUMERS, there will never be a full lockdown because forcing every software writer to release through the AppStore would kill OS X as a development platform. Even XCode requires a whole bevy of gnu utilities. OS X is a full fledged UNIX and as such, you'll always be able to do *Nixy things such as wget/curl a file, gunzip, configure and make.
I believe this is true for the time being. However, using words like "never" and "always" is a bit short-sighted. Desktop and laptop computers have traditionally been fairly open platforms in terms of what the user is allowed to do - but there is no reason to assume this will continue to be the case. If someone wants to change that, it will be a slow, difficult process to change user expectations to a point where they accept that loss of control - but it can be done. People have already accepted mobile phones as a fairly closed platform, and some contend that phone use is displacing most "personal computer" use - which means that the experience people get with their phones is redefining users' expectations of interaction with their computers.
OS X is currently a "full fledged UNIX" - this can change.
XCode requires a bunch of GNU stuff - that can change.
What do they gain from further restricting their platform? They gain a greater ability to simplify the user experience (which is a good thing for many users) and redefine various aspects of the OS that could be hard to do otherwise... And they gain status as a gatekeeper for the platform, a middleman who can extract money for every piece of software sold on the platform - much like what they enjoy on the iPhone platform, or what game console manufacturers enjoy.
One possible approach would be to give developers the same level of control they have now - but marginalize them. Charge them an extra $300 for the version of OS X that lets them do developerry things, or block developer machines from accessing the app store (apart from developer tools) - things like that. Things that would yield the desired level of control over most Mac systems, simply because most users wouldn't want the disadvantages (additional cost or reduced capabilities) that come with a development-capable machine.
I hesitate to say "Apple could do such-and-such" because I feel like that conveys the idea that I think this is likely to happen in the near future. My point is that it could, and it's silly to assume that it won't. The landscape of computing is changing, as it is bound to do over time. It's easy to assume that the status quo is some static, unchangeable thing, but it really isn't. Within the bounds of what users are willing to accept (even grudgingly, at first), the company in control of the platform can do whatever they like.
Re: (Score:2)
You don't know the future. Neither do "Apple fans". What's the point of arguing about what might or might not happen at some unknown time in the future? What's the point of getting upset about something that hasn't happened and hasn't even been proposed?
Is reality too boring that you have to make up stories and be upset about them? Or is reality too upsetting that you have to make up stories to feel better? Why should anyone else care one way or another about the your made-up stories?
Re: (Score:2)
The RACE to PALLADIUM!
Who'll get there first? Apple? Intel/McAfee?
Re: (Score:3)
Why would an IT guy "love" something that is limited and limiting?
We're the people that are ahead of the curve. We're already past where Apple wants to lead people to. Thus we tend to chaffe at the limits they set.
Apple already had a nice implementation of Unix that didn't include any of the draconian Big Brother nonsense. They already disproved the idea that general purpose systems have to be crap and infested with malware. All the screeching that your chains are really for your own good make no sense in l
Why is this such a bad thing? (Score:2, Insightful)
Why, at a technical level, is this so bad?
Because... uhh... uhhh.... uuhh... SCREW Apple!!
Haters gotta hate.
Re:Why is this such a bad thing? (Score:5, Insightful)
Sandboxing applications isn't so bad, and I think this is correct and inevitable. The fear comes purely from the fact that Apple has historically been very abusive with its app store policies, they aren't there purely to ensure security but are also used to simply crush apps some Apple executive didn't like, eg the "no competition" clauses.
Given Apples flaky approach to app store approvals, it's not unexpected that many people see this as the end of the Mac as an open(ish) computing platform. Given there aren't very many platforms, Microsoft tends to follow Apples lead these days, and Linux has never overcome its problems to go mainstream - that's a cause for concern indeed.
The good news is that there is Android, which gets it right - strong app sandboxing with an opt out checkbox you can tick if you want to. And it's open source so even if it stops being right tomorrow (unlikely), it's still a strong foundation others could build off. The bad news is that Android does not run on laptops or desktop machines, and does not have the enormous collection of industrial-strength apps like Photoshop, Office etc that MacOS/Win32 does.
Re: (Score:2)
Why even mention Android? We have Linux, Windows, BSD, and other operating systems for the desktop. Also, this ONLY applies to applications sold in the App Store. You can still download directly from a vendor, or buy a DVD/CDROM from your local software retailer.
Re:Why is this such a bad thing? (Score:4, Insightful)
Showing need != showing machine-readable need (Score:2)
No app should have permissions to do something it can't show good need for.
The problem is that there exist things that an app can show good need for that are not possible using the machine-readable need-showing mechanism that Apple is set to provide.
Re: (Score:2)
The problem is that there exist things that an app can show good need for that are not possible using the machine-readable need-showing mechanism that Apple is set to provide.
That's OK, they can let Siri do it.
Where is the problem? (Score:2)
The problem is that there exist things that an app can show good need for that are not possible using the machine-readable need-showing mechanism that Apple is set to provide.
Which a user can still install outside the app store.
Eventually the permission models will encompass enough functionality it will be possible - but in the meantime users get a fleet of far more secure applications and a far more secure system.
The only downside is a handful of applications that cannot be sold through the app store - but
Re: (Score:2)
Re: (Score:2)
"...detrimental to the users..."
I've yet to see an intelligent balanced argument to support this general statement. Yes, there have been things here or there that may have adversely affected some users in some way, but usually as a trade off for helping more users or providing more helpful services.
Anyway let me fix this for you... I believe what you meant to say is "...detrimental to certain ideologies..."
It's perfectly natural to be worried when the illusion of control is wrestled away from you, but the q
Re: (Score:2)
Why, at a technical level, is this so bad?
Ok, for starters it's another innovation killer. By Apple bolstering it's control of the platform, in yet another authoritarian way, it raises the frustration level for the developer and many would-be developers. "Code. Build. Innovate.". Yeah, riiiight.
Secondly, if I'm a developer doing something new and cool, maybe I don't *want* to reveal how I'm doing it. Maybe I don't want to make it easy for anyone, including Apple, to copy my application. It's my code, not Apple's and there are several incidents wher
Re: (Score:2)
"And so it begins...", from the summary, strongly implies disapproval.
Re:Why is this such a bad thing? (Score:5, Informative)
This basically makes 3rd-party software - like you get from Fink, for example - non-existent, as far as a Mac user is concerned, because all software for Macs will have to be retrieved from this "app store".
You're spreading FUD.
Software for Macs will NOT have to be retrieved from the app store only. This does not kill 3rd-party software or Fink. This announcement ONLY applies to applications that are voluntarily listed in the app store by their developers. Developers do not have to use the app store to distribute their apps.
It is possible that Apple may someday require all apps go through the app store, as you suggest, but that's not what this announcement is about.
Re: (Score:2)
Re: (Score:2)
And let's think about who and who isn't in the app store.
Microsoft Office isn't. If users are forbidden to install Office, all the folks who are okay with buying Macs because they can run Office stop buying Macs.
Adobe Dreamweaver isn't. Say goodbye to web designers who are taught that tool.
I see someone cued the fanboys arguing that the big lockdown won't occur. I don't see that it's likely, but the point would be that those of us who need to run applications that cannot and will not be found in the App Sto
Re: (Score:2)
Developers do not have to use the app store to distribute their apps.
But will anyone be shopping outside the secure and comfortable environment of the app store?
How many Linux users would be comfortable installing apps outside their distro's repository? I am betting not many even if the business was made as dead easy as launching a Windows executable.
Problem? (Score:4, Insightful)
I fail to see any problem with this.
I'm actually far happier when apps are clean and well controlled in terms of what they put where, Apple is providing an assurance that this *will* be the case for officially approved apps.
Good on them.
Whether or not they eventually disable applications from outside the App Store is completely irrelevant to this move.
Re:Problem? (Score:5, Interesting)
As much as people like we /. denizens will gripe about this, for the average user it's a good solution. Disable by default the installation of unapproved apps. Allow users to opt out of that feature if they so choose.
For most users, who will never figure out how to enable non-market apps, or will have no desire to anyway, this makes their PC much more secure. For "power users", it's trivial enough to live in the old world.
Re: (Score:2)
For most users, who will never figure out how to enable non-market apps
That's only if companies like Adobe and Microsoft start selling their apps in the App Store.
Re: (Score:2)
Re: (Score:2)
No, but it does means that the app checks a lot of the same boxes as an app that is not "clean and well controlled".
Re: (Score:2)
Of course not, but the point is that the installer tells you what resources the app is demanding access to, and you have the choice to say "yeah, that makes sense", or "no, why the hell does it need that?"
Let's say you install a text editor, and it says it needs the ability to add/remove user accounts -- you'd raise your eyebrows.
Re: (Score:2)
You can request permissions for them, if your app is deemed to have valid use for it they will grant it.
The second link [lacquer.fi] makes me thing some permissions can't be requested at all.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
It seems highly unlikely that Apple would lock down the Mac to only App Store apps. It would really piss off both users and developers. I think Apple is more interested in (slowly) moving to a world where the Mac doesn't exist, and everyone uses an iPad or derivative.
Re: (Score:2)
Re:(Apple is) keen to get out of the pro market (Score:2)
On the Big Picture level, this is complicated. So ... what... Apple gets out of the Pro Desktop/Laptop market... that leaves is back to Microsoft again right? Except instead of Windows vs "Rebel" OS X wars, it's Windows and ... what? For everyone who hates Windows and MS, if Apple literally phases out OS X, could THAT be the Year of the Linux Desktop?
Re: (Score:2)
what malware? as long as you stick to the normal market with the phone and not some market based out of china or one of amazon's you will not get any either.
Apple is a business (Score:5, Interesting)
Why is this unreasonable (Score:5, Insightful)
So, is this actually unreasonable? Seems to me that if you don't want machines to be pwned, it would be nice to have somebody look over the ap before it starts controlling processes outside its sandbox. Sudo privilege is nice to have, but it's also something you don't want to give away without oversight.
Stupid (Score:2)
This is stupid. Virus and Trojans are not coming through the App Store. People are installing pirated software that has been infected or purposely contains a trojan. If people stop installing pirated software or being dumb and installing software without questioning it, this problem would go away in the MacOSX space.
Define pirated software (Score:2)
If people stop installing pirated software
Define pirated software. Is VLC Media Player pirated software because it is an independent implementation of a well-known media codec? Is a game like Quinn or NullpoMino pirated software because it implements the same rules as a well-known commercial game?
Re: (Score:2)
I think you are twisting his words around to try to make an off topic discussion on piracy. He did say (emphasis mine):
I would put VLC Media player in the be smart about where you download it from portion of his comment.
Stupidity is not realizing the real attack vector (Score:2)
This is stupid. Virus and Trojans are not coming through the App Store
No, where they usually come through is data payloads to applications.
Which is why it's quite smart to not let applications have write access all over the system - not even all over your home directory.
There's already the user/system layer of protection, this just adds one more layer and greatly reduces the usefulness of corrupting data to an application as an attack vector - VERY important in an age where more and more applications have s
Re: (Score:2)
Simply not true. Most viruses and software are coming from web site now a days. Or trojans is emails.
As someone pointed out, making this behavior the default is the first step. It will be a slippry slope.
1) you have to do it their way to get published in the app store, but users can run any app.
2) then you have to opt in to run any app
3) then you can't get support on OS issues if you have opted in and have non app store apps installed
4) then you cant install non app store apps.
5) viola, you have the iphone.
Re: (Score:3)
This is not to prevent trojans from coming from the App Store, it is to decrease the attack area of apps if exploits are found through them. For example suppose an app registers an URI handle, but does not properly sanitize the data before processing it leading to an arbitrary code exploit. It would still have to bypass the sandbox to further infect the system. Yes, pretty much all malware software is based on trojans. But that doesn't mean that ignoring other risks is a good thing.
The biggest problems with
OMG TEH EVIL APPLE (Score:5, Insightful)
You don't ask Apple for anything. You just declare what your application needs from OS to function.
Ever heard of Android? Works the same way.
Re:OMG TEH EVIL APPLE (Score:5, Informative)
You don't ask Apple for anything. You just declare what your application needs from OS to function.
Ever heard of Android? Works the same way.
But but but it's more fun to sensationalize the truth so we all can have another pretend reason to hate Apple.
Permissions conspicuous by their absence (Score:4, Informative)
Ever heard of Android? Works the same way.
Every time Google adds a sensitive API to Android and documents it, it adds a corresponding permission to the application manifest schema. This means every single documented API in Android is either A. covered by the generic permission for all installed applications or B. covered by one of the permissions that an application can request. This Mac App Store sandbox, on the other hand, appears to add a category C: APIs that no sandboxed application can request, even with good reason. The page behind the second link [lacquer.fi] points out a few noticeable omissions in the available permissions. This points to one of two paths of speculation: either Apple will add permissions covering these holes in a later revision of the policy, or Apple plans to completely remove the functionality corresponding to those holes in future versions of Mac OS X.
Re: (Score:3)
Mind you, Apple has a way for Developer's to provide feedback for APIs they need. If enough enter tickets requesting a API be sandboxed, it'll show up at some point. This has proven true on iOS side as well. If enough dev's put in requests for an API for something, it usually does show up, eventually. This isn't always a quick process, but the more feedback they get, the more likely it will turn up at some point.
Re: (Score:3)
Great Security (Score:5, Insightful)
Re: (Score:2)
Exactly. I won't deal with Apple, but this is good for the unwashed masses in many ways...except one.
One tiny breach of the app store and you could suddenly have millions of zombie/compromised Apple devices out there. But they would all be trusted by everyone. Would Apple admit a breach and destroy the trust they've built?
Won't happen? Dream on. Sometimes a certain lack of trust is good.
Security (Score:3)
This would be an important security feature if users could force it for any program.
Re: (Score:2)
This would be an important security feature if users could force it for any program.
The problem there is that if the program wasn't written to be well-behaved, it may trip various security rules by fairly harmless processes of its normal operation.
For instance, if a Windows program were to store a bunch of data in its directory in Program Files - on older versions of Windows this would be fine (because users commonly had administrator-level privilege and thus also write access to the application's directory in Program Files) - but in a more secure setup on a more recent version, this would
So now that Apple's doing it, sandboxing is evil? (Score:5, Insightful)
Sandboxing applications is a common security model on Unix systems, so why is this a bad thing on desktop apps as well? The App Store apps already had restrictions on where you could put your executable. This just codifies other accesses into a model where the developer sets up the privileges the app requires instead of leaving it at the free-for-all it is now.
APIs with no corresponding permission (Score:2)
The Future of Computer Security, Writ Large (Score:3, Insightful)
Ummm... good? (Score:5, Insightful)
So a free Twitter app isn't allowed to take screenshots while I have my checkbook app open? I'm OK with that. Every one of those restrictions seem perfectly reasonable and good.
Too far? (Score:3)
Why is Apple allowed to do things and not get sued (Score:2)
Re: (Score:2)
Apple isn't a monopoly. QED.
Also note that they have NOT restricted non-App Store programs from being installed.
Re: (Score:2)
What does this mean for anti-trust precedents set against Microsoft?
Nothing. Apple is not a monopoly, anti-trust doesn't apply, they can do whatever they want until they reach, whatever, 90% market saturation. Also, what you and the summary suggest, only allowing Mac AppStore installations, will never happen.
I see know problem with this... (Score:2)
If this prevents companies like Adobe and game developers from installing crappy insecure DRM measures all over my machine, then I welcome this.
90% of the population won't notice anything different, where as the other 10% who happen to be tech savvy will bitch and moan about the walled garden until there face turns blue.
It's good, and I'd like it for Linux (Score:4, Informative)
OK, not the "central authority can veto apps" part.
But the "app package declares what system calls it needs to access; package manager reports it; sandbox enforces it" part.
You can achieve it in a limited way with things like chroot, but having it conveniently bundled is nice.
# apt-get install gnuTunes /usr/share/Music/ ... and so on.
INFO: gnuTunes requires:
- read/write access to ~/.gnuTunes/ for the user
- access to audio output
- read access to the optical drive
- read/write access to ~/Music/ for the user
- read access to
- make HTTP requests to http://gracenote.com/ [gracenote.com]
This is not news, and is slightly misleading (Score:5, Informative)
- The real news is that the deadline was announced today as March 1 2012, whereas back in the summer at WWDC it was announced as November 1 2011. So they've just delayed this for 4 months--probably to continue refining it.
This means you must ask Apple for read or read/write entitlements for additional folders outside your Application Support folder...
- But you are always allowed access to read/write files that the user selects through the normal open/save dialogs. So this restriction just applies to files you create without the user's specifying the location. Now, this still does potentially create some problems with some kinds of legitimate file access, keeping track of and using previously-saved/read files, and that sort of thing. But it's not nearly as drastic as the summary makes it sound.
If/when the MacAppStore-only lockdown happens (Score:2)
... is when I abandon the platform. As it stands, only 3-4 Apps on my Mac are from the MAS. Unless I can get VMWare, MS Office and other basic desktop apps on my system, the platform is not meaningful for my work.
Which is probably the reason why it will never happen.
Paging Anti-Trust (Score:2)
How is this different than UNIX file permissions? (Score:2)
My understanding is that applications won't be able to see other users's files.
Sounds like UNIX to me. And, gee, that's been around for only 40 years.
About Time (Score:2)
It is about time. The old goal of "protecting the system from the user" is obsolete. A PC is owned by the user - the user is not the enemy.
Instead, the data needs protecting from rogue applications. Not everybody will recognise a trojan even if the writing is on the wall, and even an expert may not have the resources to be sure. Sandboxing removes any doubt - an application has to say what it wants to do.
So for once, this is actually a useful development.
more nonsense (Score:4, Informative)
ok, it really is nonsense-summary week on /.
This is fantastic news for everyone who is worried the slightest bit about security. This has absolutely nothing to do with turning a Mac into an appliance, and nobody from within Apple has ever alleged that non-App-Store installations would be made difficult or impossible.
But what this is is a huge and desperately step needed in putting applications into their own corner. Imagine what would happen if random apps couldn't crap all over your system? The horror! Most of the spy- and malware would go away!
The OS X sandbox is actually a fairly nifty beast, but is has been under-used. This is a great step into pushing it out and making developers accept that just because I want to use their app I don't mean to give them full access to everything on my system - not even everything I can access with my user account.
Re: (Score:3)
No. Their target market wants appliance-like reliability.
Other software choices exist outside the RDF and the sooner those who WANT choice are shunted there by Apple and MSFT the better.
Re: (Score:2)
No. Their target market wants appliance-like reliability.
Other software choices exist outside the RDF and the sooner those who WANT choice are shunted there by Apple and MSFT the better.
Sounds a bit like the glory days of Blackberry, doesn't it?
Ah, but Apple could never die again, could they?
How is it restrictive? Freedom for real people (Score:5, Insightful)
You can install an application from anywhere. Apple is simply providing application writers a mechanism to help ensure user security (that you can also use in building non app-store apps), and a channel for people to get applications that they know will have less potential impact on the system if there's a security issue. If I get a computer for a grandparent and say "buy applications from here" then they are substantially better off and I can rest easier knowing it's less likely the system is compromised, even if any given application is compromised.
I would say what is restrictive is the notion that users should have to understand computers well enough to secure them. That is the real prison which we have forced millions to endure for years. A computer that people can use to a great desire without worrying about how to "maintain" it is liberation for 99% of computer users on the planet.
Re: (Score:2)
Mac OS X is one of the most tweakable, flexible OS's out there. As a user and developer there is very little to restrict me from doing anything I want with my computer. I can create and install any software I want. But thanks for the baseless comment.
Re: (Score:2)
The End Of The World As We Know It!
And I Feel Fine.