John, hello.

On 2012 Feb 22, at 21:52, John Clements wrote:

> FWIW: actually, I don't see Jens saying that signed apps will by default run 
> in a mode that enforces privilege checking, and I just spent a few minutes 
> digging, and didn't find anything saying that. Are you really sure that 
> Gatekeeper's "level 2"--code must be signed, but not app-store-ready--will 
> enforce access restrictions? Pointers gladly appreciated, and maybe I'm just 
> not reading carefully enough.

I had formed that impression, and it seems consistent with what I've read, but 
now I'm not so sure.

I've found two (good as usual) Ars Technica discussions of Gatekeeper in 
general [1], plus a reasonably detailed account of the sandboxing mechanism and 
how Apple expect people to use it [2].  It seems that the expectation is that 
different threads might have different entitlements, depending on what they do, 
so that a thread which is decoding a PDF is denied access to the filesystem; 
and that certain user actions, such as saving a file, will be handed over (if 
necessary) to a privileged 'Powerbox' daemon.

All very entertaining, but it doesn't actually answer your question.  I'm 
afraid I can find neither chapter and verse, nor exegesis, which makes it clear 
what the default will be.

So I'd appreciate pointers, too!

Best wishes,

Norman


[1] http://arstechnica.com/apple/news/2012/02/developers-gatekeeper-a-concern-but-still-gives-power-users-control.ars
http://arstechnica.com/apple/news/2011/11/apple-pushes-back-sandboxing-deadline-as-devs-struggle-with-tradeoffs.ars
[2] http://arstechnica.com/apple/reviews/2011/07/mac-os-x-10-7.ars/9

-- 
Norman Gray  :  http://nxg.me.uk
SUPA School of Physics and Astronomy, University of Glasgow, UK


_________________________
  Racket Developers list:
  http://lists.racket-lang.org/dev