by Karunamon 4172 days ago
Is it really a net improvement? There are a number of developers out there that have pulled out of the app store (off the top of my head, Atlassian for SourceTree, and Panic for Transmit) because the sandbox restrictions would force them to remove functionality from their applications.

As far as Apple's implementation goes, sandboxes are for kids, not adults that need to get work done.


SourceTree and Transmit need to stomp all over directories to get things done. Yes, it's useful. But it's not common for applications to need that kind of access. The sandbox seems to work fine for the other 99% of applications. I think Apple even uses the sandbox heavily for their own apps, check ~/Library/Containers next time you use an OS X system.

The only complaint here is about the app store, sandboxing is wonderful.

Steam is another category of application which wants to write to directories used by other applications...

Why? In my Windows VM, all Steam data lives in C:\Program Files\Steam. (Plus start menu entries etc.)

Steam manages game installation and updates; those games are themselves separate applications. That's what I was referring to.
There seem to be several reasonable ways to address this kind of situation without requiring universal access.

One would be analogous to an ACL arrangement rather than simple ownership. Steam applications could be installed with Steam also having permission to access their resources.

A second possibility would be to have the operating system provide dedicated services for installing and maintaining software. We’re already heading in that direction on some platforms anyway, and it would be useful generally given the kind of security model I suggested. Then software like installers/updaters or package managers can do their jobs in a tightly controlled way, without needing any general access or introducing the accompanying security risks.
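The two alternatives sketched in the comment above, modelled as an added example (this is not code from the thread, from Apple's sandbox, or from any real package manager; the app names, the ~/Library/Containers layout, the `AclPolicy` class and the `install` broker are all illustrative assumptions). It contrasts plain per-app ownership with ownership plus an explicit ACL, and shows a broker that installs a package on a requester's behalf and records one ACL entry instead of handing out general filesystem access. The path check normalises `..` lexically before the prefix test, which is the mistake toy sandbox checks most often make.

```python
"""Toy model of per-app containers with an ACL layer and an install broker.

Added example; not code from the thread, from Apple, or from any real
package manager. App names, paths and the broker API are illustrative.
"""
import posixpath
from dataclasses import dataclass, field

HOME = "/Users/alice"  # assumed home directory for the example
CONTAINERS = posixpath.join(HOME, "Library", "Containers")


def container_for(app: str) -> str:
    """Each sandboxed app owns exactly one container directory."""
    return posixpath.join(CONTAINERS, app)


def is_within(path: str, root: str) -> bool:
    """Lexical prefix check after collapsing '.' and '..'.

    normpath is lexical only: a real enforcer must resolve symlinks
    (realpath) at the point of access, or a link placed inside the
    container can point outside it.
    """
    path = posixpath.normpath(path)
    root = posixpath.normpath(root)
    return path == root or path.startswith(root + "/")


def allowed_ownership_only(app: str, path: str) -> bool:
    """Model 1: an app may touch only what lives in its own container."""
    return is_within(path, container_for(app))


@dataclass
class AclPolicy:
    """Model 2: ownership plus an explicit per-app set of extra roots."""
    grants: dict = field(default_factory=dict)  # app -> set of extra roots

    def grant(self, app: str, root: str) -> None:
        self.grants.setdefault(app, set()).add(posixpath.normpath(root))

    def allowed(self, app: str, path: str) -> bool:
        roots = {container_for(app)} | self.grants.get(app, set())
        return any(is_within(path, r) for r in roots)


def install(policy: AclPolicy, requester: str, package: str) -> str:
    """Model 3: an OS-provided install broker (hypothetical).

    The requester never receives general filesystem access. The broker
    creates the new app's container on its behalf and records a single
    ACL entry so the requester can update that app later. Package names
    are restricted so a caller cannot pick a container outside the tree.
    """
    if not package or "/" in package or package in (".", ".."):
        raise ValueError(f"bad package name: {package!r}")
    root = container_for(package)
    # A real broker would create and populate the directory here; this
    # toy only records the resulting policy.
    policy.grant(requester, root)
    return root


def demo() -> dict:
    """Run the scenarios from the thread and return each decision."""
    policy = AclPolicy()
    game_file = posixpath.join(container_for("HalfLife"), "hl.pak")
    results = {
        # Pure ownership: Steam cannot update a game it installed.
        "ownership_only_update": allowed_ownership_only("Steam", game_file),
    }
    install(policy, "Steam", "HalfLife")
    # With the ACL entry the broker recorded, the update is permitted...
    results["acl_update"] = policy.allowed("Steam", game_file)
    # ...but Steam still has no access to the user's own files,
    results["acl_user_docs"] = policy.allowed(
        "Steam", posixpath.join(HOME, "Documents", "taxes.pdf"))
    # the grant is one-directional (the game cannot read Steam's data),
    results["acl_reverse"] = policy.allowed(
        "HalfLife", posixpath.join(container_for("Steam"), "config.vdf"))
    # and '..' inside a granted root does not escape it.
    results["acl_traversal"] = policy.allowed(
        "Steam", posixpath.join(container_for("HalfLife"), "..", "Safari", "cookies"))
    return results


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

The point the model makes explicit is that the ACL is granted per installed package by the broker, so a package manager gets exactly the roots it created and nothing else; the comment's objection to universal access is answered without giving Steam the run of the home directory.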

Silly question; how common is this class of bug? We're talking about an application that lives on the local system, and is probably only exploitable via social engineering bugs (i.e. we convince the user to do something stupid).

I can count the times I've been owned through an app that doesn't run content from the internet (either accessed by or being a server for) on zero hands.

What is the problem that sandboxing every app into a homogenous set of thou-shalt-not's solves?