Create a Sandbox for apps using folder actions
Authored by: anjoschu on May 28, '04 03:45:50AM
SOX wrote:
I did not know setuid worked that way.

Actually, it's the same with sudo used in the other hint. Someone mentioned in the forums that it doesn't work with open, like in

sudo -u theuser open /Applications/TheApp

and that's right. Same here. I suspect that the applications launch each other via a system call or something that resets the privileges to the logged-in user. Hasn't there recently been talk about something called LaunchServices in connection with the current URL security flaw in Panther? Maybe you could tweak those with an APE haxie or something to keep spawned processes in the Sandbox, but I'm not sure. Anyone got an idea?

SOX wrote:
In any case this means this is not secure, since it can get out of its sandbox and run arbitrary shell scripts.

Exactly the problem. I am hoping since so many people are reading this, someone will come up with an idea on how to prevent apps from escaping.