Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
JustExAWS 2 days ago

Yes and they are only as far as I know enforced for Mac App Store apps. But once an app has free reign to read and write anywhere on a shared folder, it defeats the purpose as opposed to being able to read and write to the apps own folder and the user can choose a file from another folder explicitly.

But what do sandboxes have to do with greed?

robenkleene 2 days ago | parent [-]

I comment on the Mac App Store part here https://news.ycombinator.com/item?id=44952088

> But once an app has free reign to read and write anywhere on a shared folder, it defeats the purpose as opposed to being able to read and write to the apps own folder and the user can choose a file from another folder explicitly.

Not sure I'm following this statement, isn't just being able to read/write to a shared folder a large improvement over an app being able to write to the entire file system (user-permissions allowing, granted)? I.e., "it defeats the purpose" seems like an odd phrase to use there? (For the record, I wish all this sandboxing/entitlement-based security stuff didn't exist on desktop computers [my priorities are clearer from my linked to comment], so I'm probably wrong person to ask anyway, but I was missing what you meant there.)

JustExAWS 2 days ago | parent [-]

The only part of my computer I care about are my own files and of course things like passwords in the Secure Enclave. If the operating system gets hosed (see the former Chrome bug where if you turned System Integrity Protection off and installed Chrome it hosed your entire OS), that’s an annoyance. But recoverable.

It’s actually the concept of an old XKCD

https://xkcd.com/1200/

robenkleene 2 days ago | parent [-]

It sounds like you're treating "a shared folder" as a synonym to "all user files"? Those aren't the same thing? E.g., a shared folder can be a far smaller subset of all a user's files?

(Also, Apple's sandboxing supports access to a single files, reference https://developer.apple.com/documentation/security/accessing... so not sure if any of this is important anyway.)