| ▲ | quotemstr 5 days ago | |
> By default, folders like ~/Documents are not accessible by any process until you explicitly grant acces And in a terminal, the principal to which you grant access to a directory is your terminal emulator, not the program you're trying to run. That's bonkers and encourages people to just click "yes" without thinking. And once you're authorized your terminal to access documents once, everything you run in it gets that access. The desktop security picture is improving, slowly and haltingly, for end-user apps, but we haven't even begun to attempt to properly sandbox development workflows. | ||
| ▲ | chatmasta 5 days ago | parent [-] | |
Yeah, it does say “Do you want to grant Terminal.app access to ~/Documents?” I agree this should be more granular to the actual process/binary attempting the access. Or at least there should be an option like on iOS, to grant access but “just this once.” That way you know it’s the program you just ran, but you aren’t granting access to any program you execute in the terminal in perpetuity. But I’ve yet to grant it since I treat that prompt as an indication I should move the files I’m trying to access into a different directory. | ||