MacPorts and sandboxing

Jordan K. Hubbard jkh at apple.com
Thu Sep 27 11:31:13 PDT 2012


Yeah, and, after talking to the sandbox gurus at Apple last night it's pretty clear that sandboxing is fairly monomaniacal in its focus:  It just wants to deny things.  It doesn't want to hide, redirect or otherwise interpose filesystem / other operations, and given all of the complexities inherent in the other approaches, that makes sense.  Rats.  It would have been so much simpler if we could have figured out how to piggy-back on sandboxing.

I'm about to jump on a plane for a long trip.  Let me think about this for a while in my seat. :)

- Jordan

On Sep 26, 2012, at 11:30 PM, Clemens Lang <cal at macports.org> wrote:

> while that would help, hiding directories is not enough. The same
> problem breaks the currently implemented trace mode, because autoconf
> reads the contents of $prefix/share/aclocal/ and tries to open every
> file in there, aborting if the file doesn't exist or permission was
> denied.
> 
> I've been working on overloading __getdirentries64 and setting the inode
> of the files where access should be denied to 0. I'm not sure this would
> satisfy the requirements of the sandboxing, though (attackers could
> still find out the file exists/existed).


