Lion problem report and fix
J. Landman Gay
jacque at hyperactivesw.com
Fri Jul 22 01:32:55 EDT 2011
On 7/21/11 11:07 PM, Ken Ray wrote:
> Personally I think we may be jumping the gun on assuming Apple's
> intentions based on enhanced security on the /Library/Application
> Support folder.
I've been working my way through the Ars Technica article that was
linked here. The Sandboxing section describes how Lion apps must save files:
***
A sandboxed application must now include a list of "entitlements"
describing exactly what resources it needs in order to do its job. Lion
supports about 30 different entitlements which range from basic things
like the ability to create a network connection or to listen for
incoming network connections (two separate entitlements) to
sophisticated tasks like capturing video or still images from a built-in
camera.
It might seem like any nontrivial document-based Mac application will,
at the very least, need to declare an entitlement that will allow it to
both read from and write to any directory owned by the current user.
After all, how else would the user open and save documents? And if
that's the case, wouldn't that entirely defeat the purpose of sandboxing?
Apple has chosen to solve this problem by providing heightened
permissions to a particular class of actions: those explicitly initiated
by the user. Lion includes a trusted daemon process called Powerbox
whose job is to present and control open/save dialog boxes on behalf of
sandboxed applications. After the user selects a file or directory into
which a file should be saved, Powerbox pokes a hole in the application
sandbox that allows it to perform the specific action.
A similar mechanism is used to allow access to recently opened files in
the "Open Recent" menu, to restore previously open documents when an
application is relaunched, to handle drag and drop, and so on. The goal
is to prevent applications from having to request entitlements that
allow it to read and write arbitrary files.
***
It only talks about saving to the user folder, but maybe the app can
request specific permissions/authority from the OS to write to protected
locations too. If so, and if standalone builder can be updated to
include that request, things could work as before.
--
Jacqueline Landman Gay | jacque at hyperactivesw.com
HyperActive Software | http://www.hyperactivesw.com
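One way to see what a Lion app actually declares, as an added example that is not part of this thread or of LiveCode's standalone builder: a small Python script that reads an entitlements plist and separates Powerbox-mediated file access (user-selected files, restored bookmarks) from fixed-path exceptions and network capabilities. The entitlement key names are Apple's sandbox keys; the embedded plist, app name and path are a constructed sample.

```python
import plistlib

# Constructed sample entitlements plist (not taken from any real app).
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key><true/>
    <key>com.apple.security.network.client</key><true/>
    <key>com.apple.security.files.user-selected.read-write</key><true/>
    <key>com.apple.security.files.bookmarks.document-scope</key><true/>
    <key>com.apple.security.temporary-exception.files.absolute-path.read-write</key>
    <array><string>/Library/Application Support/ExampleApp/</string></array>
</dict>
</plist>
"""

# Access that Powerbox grants only after an explicit user action.
POWERBOX_KEYS = {
    "com.apple.security.files.user-selected.read-only",
    "com.apple.security.files.user-selected.read-write",
    "com.apple.security.files.bookmarks.document-scope",
    "com.apple.security.files.bookmarks.app-scope",
}
# The two separate network entitlements the article mentions.
NETWORK_KEYS = {
    "com.apple.security.network.client": "outgoing connections",
    "com.apple.security.network.server": "listening for incoming connections",
}


def audit_entitlements(plist_bytes):
    """Classify an app's entitlements: sandboxed or not, Powerbox-mediated
    file access, network capabilities, and fixed-path exceptions that grant
    access with no user action and therefore deserve review."""
    ents = plistlib.loads(plist_bytes)
    report = {
        "sandboxed": bool(ents.get("com.apple.security.app-sandbox", False)),
        "powerbox": sorted(k for k in POWERBOX_KEYS if ents.get(k)),
        "network": [v for k, v in NETWORK_KEYS.items() if ents.get(k)],
        "broad_paths": [],
    }
    for key, val in ents.items():
        if key.startswith("com.apple.security.temporary-exception.files."):
            paths = val if isinstance(val, list) else [val]
            report["broad_paths"].extend(f"{key}: {p}" for p in paths)
    return report


if __name__ == "__main__":
    for name, value in audit_entitlements(SAMPLE_ENTITLEMENTS).items():
        print(f"{name}: {value}")
```

On a real build the plist can be extracted with `codesign -d --entitlements :- /path/to/App.app` and fed to the same function.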