Hacker News
by zdw 5231 days ago
Dev tools don't really have a place in managed environments IMO - they just need too low level of access to a system to be able to do their work.

Now, say a game or web browser that runs potentially malicious content, sure, sandbox it. But other things like code interpreters, low level Unix tools, or inter-process tools like AppleScript, they're still open to (mis)use by anyone.

I'm going to guess that most malware for OS X will soon become non-compiled scripts. Sure, the interpreter would be signed, but what it runs is totally arbitrary.


There's another kind of applications, besides dev tools, that's going to be affected by this.

I'm a user of one of Apple's "pro" applications, Logic Pro 9, a top music recording software (or DAW). I started using it long before it was put in the appstore, and was surprised when they moved it there, as it was a 5 DVD install.

Anyways ... the tool interacts with plugins written in a Logic Pro independent standard, VST. It burns CDs. It manipulates MIDI through Wi-Fi, USB, and FireWire. It reads third party provided sound samples and loops. It manipulates analog instrument interfaces through FireWire ...

Is Apple going to cripple Logic Studio? Or will they also have to take their "pro" software out of the appstore?

MainStage is in the Mac App Store as well; nothing about ReWire support is consistent with MAS guidelines.

Unfortunately, it appears this may be a "do as I say, not as I do" situation.

Unfortunately, how?

The whole point of sandboxing is to reduce the damage a badly written or mal-intended application can do to a system.

Surely Apple TRUSTS their own apps.

Are you dense?

It's unfortunate for users, rational beings who, having spent several hundred/thousand dollars on pro applications, can generally expect not to be served malware. I don't really need Apple's assistance to ensure that Ableton doesn't sell me a trojan. If they do, I have my lawyer's number in my phone, we know who to sue, we've got it covered. It's unfortunate that the way the rules are currently written, no pro media application will be able to take advantage of iCloud functionality…except of course the ones that Apple sells.

I don't care who Apple trusts. And if the answer to "Who does Apple trust?" is "No one but Apple," that says more negative things about Apple than it does about the tens of thousands of software developers, large and small, who aren't Apple.

> Are you dense? It's unfortunate for users, rational beings who, having spent several hundred/thousand dollars on pro applications, can generally expect not to be served malware. I don't really need Apple's assistance to ensure that Ableton doesn't sell me a trojan.

You might be dense. Who said it's only for trojans? I wrote "to reduce the damage a badly written or mal-intended application can do to a system".

Sandboxing is not only about malware. If, for example, Live has a bug that eats your home directory, it won't have its day under sandboxing.

And who said anything different will happen to Live or anything? It's not in the App Store, and you will STILL be able to run it. The change is for App Store applications.

In contrast to Google, whose malware auto-detection algorithms will still flag Google-owned domains.

> Is Apple going to cripple Logic Studio? Or will they also have to take their "pro" software out of the appstore?

The answer is simple, Apple's apps will have special access that will make them better than 3rd party apps which have to jump through all these hoops.

The current version of Xcode, released yesterday (two weeks prior to the sandboxing deadline), contains no code signing entitlements and hence is not sandboxed.

Except that you just made this up. Do you really think Apple doesn't know people are on the lookout for just such behavior?

What can anyone do about it really? They hide behind the 'is not a monopoly' excuse and there's nothing anyone can do.

If true, didn't Microsoft do that a long time ago... with Internet Explorer?

> Anyways ... the tool interacts with plugins written in a Logic Pro independent standard, VST.

Actually, Logic Pro does not interact with VST plugins at all. It interacts with AU (Audio Unit) plugins. Plugins like Native Instruments' etc. that come as VST plugins also come in AU versions.

> Is Apple going to cripple Logic Studio?

No, Apple is not going to cripple Logic Studio. They even said so, a few months ago.

> Or will they also have to take their "pro" software out of the appstore?

They can also do whatever they want with THEIR apps in the appstore, like have them there despite not implementing sandboxing, or giving them arbitrary sandboxing rights (after all, Apple TRUSTS their own apps not to be malware).

Good point. Every interpreter - and program that loads anything - will have to be foolproof. There was a case some time ago where an Xbox (or was it PS3?) game did not correctly check the saved games before loading them. IIRC people were able to exploit this and get the game to run code on their behalf.

In theory, all the games and apps have to sign/encrypt/check everything they load. But I can't believe they will all implement this correctly or that Apple will find all the subtle bugs when reviewing.

The sandbox lessens the risk of said overflows. Instead of exploiting a flaw in an interpreter or file handling function and getting control of the entire machine, you'd only get control of the sandbox's context.

The only way to parlay that into control of the system would be to break the sandbox. And then, because OS X default security is fairly sane, the only way to do real lasting damage is to use a further exploit to escalate your permissions.

True, but that would be true without signed apps as well.

Also, I guess it depends on what the app does and what you mean by "real lasting damage".

That was the first way Wii owners got homebrew software running: the Wii version of Zelda: Twilight Princess didn't do a bounds check when reading the name of the player's horse from a save file.

http://wiibrew.org/wiki/Twilight_Hack#Explanation
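The bug class the two comments above describe (a loader that trusts a length taken from a save file when copying into a fixed-size buffer), shown as an added C example that is not from this thread and not from any console's or game's real code: the record layout, the `NAME_FIELD_MAX` size, the sample records and every function name here are constructed for illustration. The unchecked parser is kept only for contrast with the checked one, which validates the declared length against both the bytes actually present and the destination buffer before copying.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical save-file record (constructed for this example): one length
 * byte followed by that many name bytes. */
#define NAME_FIELD_MAX 32

struct player_name {
    char text[NAME_FIELD_MAX];
};

/* Unchecked loader: copies as many bytes as the file claims. A length byte
 * larger than NAME_FIELD_MAX - 1 writes past `out->text`, which is the
 * missing-bounds-check defect discussed in the thread. Never call this on
 * untrusted data; it is shown only beside the fixed version. */
int parse_name_unchecked(const uint8_t *rec, size_t rec_len, struct player_name *out) {
    if (rec_len < 1) return -1;
    size_t len = rec[0];
    memcpy(out->text, rec + 1, len);   /* no check against NAME_FIELD_MAX or rec_len */
    out->text[len] = '\0';
    return 0;
}

/* Checked loader: the declared length must fit the destination (leaving room
 * for the terminator) and must not exceed the bytes actually in the record.
 * Returns 0 on success, -1 for a malformed or oversized record. */
int parse_name_checked(const uint8_t *rec, size_t rec_len, struct player_name *out) {
    if (rec == NULL || out == NULL || rec_len < 1) return -1;
    size_t len = rec[0];
    if (len >= NAME_FIELD_MAX) return -1;   /* would overrun out->text */
    if (len > rec_len - 1) return -1;       /* claims more bytes than are present */
    memcpy(out->text, rec + 1, len);
    out->text[len] = '\0';
    return 0;
}

/* Constructed sample records. */
static const uint8_t good_record[] = { 5, 'R', 'i', 'd', 'e', 'r' };
static const uint8_t truncated_record[] = { 200, 'A', 'A', 'A' };   /* claims 200, has 3 */

/* Well-formed record: expect 0 and the name "Rider". */
int demo_good(void) {
    struct player_name n;
    if (parse_name_checked(good_record, sizeof good_record, &n) != 0) return -1;
    return strcmp(n.text, "Rider") == 0 ? 0 : -2;
}

/* Record whose length byte exceeds the data present: expect -1. */
int demo_truncated(void) {
    struct player_name n;
    return parse_name_checked(truncated_record, sizeof truncated_record, &n);
}

/* Record that really does carry 64 name bytes, twice the buffer: expect -1.
 * This is the shape of input the unchecked loader would mishandle. */
int demo_oversized(void) {
    uint8_t rec[1 + 64];
    rec[0] = 64;
    memset(rec + 1, 'A', 64);
    struct player_name n;
    return parse_name_checked(rec, sizeof rec, &n);
}

int main(void) {
    printf("good: %d, truncated: %d, oversized: %d\n",
           demo_good(), demo_truncated(), demo_oversized());
    return 0;
}
```

Both rejection paths matter: the second check stops a short file from making the loader read past the record, and the first stops a long one from writing past the buffer. Checking only one of them leaves the other memory-safety failure in place.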

The real way we got homebrew on the Wii in the first place was because of an awful RSA implementation done by outsourced devs in the USA.

http://events.ccc.de/congress/2008/Fahrplan/events/2799.en.h...

Err, no, that came later. Much later. The original released homebrew was the Twilight Princess hack. There were a few others internal to the group first, but the attack you're referring to didn't happen until a good year, year and a half later.

I wasn't thinking. My bad.

http://en.wikipedia.org/wiki/Softmod#Softmods_for_Microsoft_...

Splinter Cell and MechAssault were famous for this. The bug is actually in the Xbox Dashboard code itself, so the host system was buggy.

Xbox, PS3, Wii, PSP, GameCube... this has been a consistently successful attack vector against signed application environments on consoles.

That was my first thought too. MAS is mainly for the general public. While it's a nice long blog with lots of details, it's not a universally correct criticism of MAS.