On Thu, 31 Jan 2013 10:54:54 +1100, Graham Cox said: >> - allow specific paths (com.apple.security.temporary- >exception.files.absolute-path.read-write) >> - allow full access (com.apple.security.temporary- >exception.files.absolute-path.read-write with the path "/") > > >One question is whether anyone, anywhere has ever got these entitlements >past the app store guardians? I know I haven't, and had to do an >extensive rewrite of one part of my app to get around it, no negotiation >possible. It seems that while the OS developers have given these to us >as a necessity, in practice they are useless because you'll never get >their use approved.
You are conflating issues. They are only "useless in practice" if you distribute with the app store. If you distribute otherwise, they are plenty useful: you can use the temp entitlements to get other App Sandbox benefits even if you grant yourself full file system access. At least then if your app is compromised there is still protection for network, microphone, camera, etc. It's all about limiting the attack surface after all... Cheers, -- ____________________________________________________________ Sean McBride, B. Eng s...@rogue-research.com Rogue Research www.rogue-research.com Mac Software Developer Montréal, Québec, Canada _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
