Sandboxing on the Mac is yet another example of Apple’s iOS-ification of OS X.Īpple made it clear months ago that sandboxing was coming to the Mac App Store. If all this sounds vaguely familiar, it’s because it is very much how things already work for iOS devices. This is important as Macs move more and more toward being “consumer” devices. In addition to increasing security, Apple believes that sandboxing will simplify the user experience in the same way that fences can “simplify” interactions between neighbors. Apple decides whether or not to approve the requested entitlements for each app. Entitlements include actions such as read-only or read/write access to user folders (Music, Pictures, etc.), interaction with USB devices, and ability to print. To solve this conundrum, Apple has created a list of explicit “entitlements” that an app can request when it is submitted for approval to the Mac App Store. A photo editing app, to take one obvious example, would be useless if it were blocked from accessing the photos in your iPhoto Library.
This all sounds great except that many applications need at least some outside access to carry out their primary functions. The sandbox restrictions similarly protect you from unintended non-malicious conflicts that may occur between applications. Or it might attempt to extract passwords from other applications and send them to a pirate server. Without such protections, for example, an application could theoretically issue UNIX commands to delete files on your drive without your knowledge or intent. Most especially, this prevents one application from affecting another one in some malicious way.
A sandboxed application is confined to its own container ( i.e., sandbox), unable to access any resources or perform any actions that would necessitate going beyond its walls. I’m talking about an OS X feature that Apple will require all apps sold in the Mac App Store to implement.Īt its core, sandboxing is a security enhancement. No, I’m not talking about play areas for toddlers. I tripped over a half-dozen articles on the topic without even searching. Sandboxing was very much in the news last week.
0 kommentar(er)
