Sandbox Violation on Runtime Exec
Marco Dinacci
marco.dinacci at gmail.com
Wed Jun 13 00:32:13 PDT 2012
Hi,
> To make sure I'm understanding.
> So Runtime exec is broken sandboxed period? No matter what is done with Runtime?
> There would be no way to give the application an entitlement correcting the
> deny file-read-data /dev/fad
> as a work-around? (That would not result in the application being rejected by the App Store).
The way I understand it, yes, it's broken and there's no workaround.
I submitted a bug a few days ago here, sorry for not updating the
conversation earlier:
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7172752
but it's not been accepted (yet?).
> The long-term fix would be to change the invocation to posix_spawn which would then need no entitlement? This would be what NSTask does?
Apple documentation says that a child process created using
posix_spawn or NSTask inherits the sandbox of the process that created
it.
If I find some time, I'll make a test and report.
Best,
Marco
More information about the macosx-port-dev mailing list