Sandbox Violation on Runtime Exec
Michael Hall
mik3hall at gmail.com
Wed Jun 13 03:20:52 PDT 2012
On Jun 13, 2012, at 2:32 AM, Marco Dinacci wrote:
> Hi,
>
>> To make sure I'm understanding.
>> So Runtime exec is broken when sandboxed, period? No matter what is done with Runtime?
>> There would be no way to give the application an entitlement correcting the
>> deny file-read-data /dev/fad
>> as a work-around? (That would not result in the application being rejected by the App Store).
>
> The way I understand it, yes, it's broken and there's no workaround.
>
> I submitted a bug a few days ago here, sorry for not updating the
> conversation earlier:
> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7172752
>
> but it's not been accepted (yet?).
>
>> The long-term fix would be to change the invocation to posix_spawn which would then need no entitlement? This would be what NSTask does?
>
> Apple documentation says that a child process created using
> posix_spawn or NSTask inherits the sandbox of the process that created
> it.
> If I find some time I'll make a test and report.
Thanks
More information about the macosx-port-dev mailing list