Michael Tsai
Adobe Creative Cloud Installer Deleting Hidden Files: http://mjtsai.com/blog/2016/02/12/adobe-creative-cloud-installer-deleting-hidden-files/ … #mjtsaiblog
-
@rosyna Why not? Isn’t that part of why the Mac App Store requires sandboxing, as a backstop against malware?
Rosyna Keller
@mjtsai No, it's so the developers can define the resources they need up front. This prevents bugs/bad coding from accessing other resources
-
-
@rosyna I don’t remember that being presented as the main motivation. I don’t think anyone’s worried about apps accidentally printing. - View other replies
-
@mjtsai That was the only motivation when sandboxing was added to OS X for system services, which was before the Mac App Store existed. - View other replies
-
@rosyna I’m not sure how the original reason the technology was developed is relevant to the policy decision about using it now. -
@mjtsai Because it's never been used to protect against malicious apps. As I said, those apps can always ask the user which files to destroy - View other replies
-
@rosyna Apple’s docs says "Enable App Sandbox to Minimize Damage from Malicious Code". https://developer.apple.com/library/mac/documentation/Miscellaneous/Reference/EntitlementKeyReference/Chapters/AboutEntitlements.html … -
@mjtsai Yes, malicious code that hijacks and exploits a security vulnerability in your app. -
@rosyna Where is that code running? And why wouldn’t it also be able to make the app ask the user which files to destroy, as you say? -
@mjtsai the malicious code runs inside the legitimate app. That's how all flash exploits work. A user would notice an unusual dialog. - View other replies
- Show more
-
-
@mjtsai a malicious app can just ask the user for the resource they want to destroy.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.