On Mar 18, 2013, at 5:15 PM, Rick Mann <[email protected]> wrote:
>> 2. NSCoding is not trustworthy. Your app must blindly trust any object >> archive it loads. This is a significant security risk. > > I don't think that argument is any more true for what I'm proposing than what > what exists today. Property lists are safe to read because they only contain a very limited set of data types, and only a very small set of methods run as a result of decoding one. That’s not true of archives. There have been serious security holes in the unarchiver in the past, and the security footprint includes all archivable classes, which includes things like NSView. I have no doubt someone could easily come up with a malicious archive that would crash an app or worse. —Jens _______________________________________________ Cocoa-dev mailing list ([email protected]) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to [email protected]
