Re: Security-scoped bookmarks linked to code signing?
On 25 Oct 2012, at 00:27, Graham Cox wrote: On 25/10/2012, at 10:05 AM, Mike Abdullah cocoa...@mikeabdullah.net wrote: On 24 Oct 2012, at 23:31, Graham Cox wrote: On 24/10/2012, at 8:47 PM, Mike Abdullah cocoa...@mikeabdullah.net wrote: Handling security-scoped bookmarks most certainly relies upon code-signing, as without you can’t create or resolve them. Are you dealing with app or document scoped bookmarks here? App-scoped. In dev and testing no problem was encountered but in the wild we have this crash deep within -[NSURL URLByResolvingBookmarkData:options:.]. The app was incorrectly signed due to a stuff-up with the developer ID certs which was resolved, but that won't help until we get an update published. What's annoying is that the bookmark resolving just crashes rather than handle the problem gracefully, and we're still not certain whether the incorrect signing is the real cause or not (the apps were signed, just not using the correct cert). This deep connection between parts of the OS that behave very differently according to the situation they find themselves in is a recipe for very hard-to-find bugs that easily escape QA. Is it possible http://www.mikeabdullah.net/nsurl-bookmark-error-handling.html is biting you? Hmm, interesting... I wasn't setting error to nil, I am now. However, all I do with the value of error is log it if the URL returns nil. While that could crash in the circumstances your post describes, that isn't where it appears to actually be crashing. (Unfortunately I don't have a stack trace handy). Do you know of a way to force this resolution to fail so I can test it? Oops, I forgot to mention in the post that I’d seen it crash internally too, from trying to do something with the junk pointer being fed in. Sadly I don’t have a stack trace or repro steps handy :( ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Security-scoped bookmarks linked to code signing?
On Thu, 25 Oct 2012 00:05:44 +0100, Mike Abdullah said: Is it possible http://www.mikeabdullah.net/nsurl-bookmark-error- handling.html is biting you? Interesting bug. I wonder if everyone inside Apple is using ARC these days and therefore expecting ptr-to-object variables to be nil-initialised could explain how such a bug escaped. Cheers, -- Sean McBride, B. Eng s...@rogue-research.com Rogue Researchwww.rogue-research.com Mac Software Developer Montréal, Québec, Canada ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Security-scoped bookmarks linked to code signing?
On Oct 25, 2012, at 11:35 AM, Sean McBride wrote: On Thu, 25 Oct 2012 00:05:44 +0100, Mike Abdullah said: Is it possible http://www.mikeabdullah.net/nsurl-bookmark-error- handling.html is biting you? Interesting bug. I wonder if everyone inside Apple is using ARC these days and therefore expecting ptr-to-object variables to be nil-initialised could explain how such a bug escaped. Cheers, I think another person on has run across a case as well. http://www.reddit.com/r/iOSProgramming/comments/120e2m/breaking_arc_retain_cycle_in_objectivec_blocks/ http://teohm.github.com/blog/2012/09/03/breaking-arc-retain-cycle-in-objective-c-blocks/ In any case, considering the huge benefit that ARC offers, for what I've done, it's been a pleasantly painless experience. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Security-scoped bookmarks linked to code signing?
On Oct 25, 2012, at 11:35 AM, Sean McBride wrote: On Thu, 25 Oct 2012 00:05:44 +0100, Mike Abdullah said: Is it possible http://www.mikeabdullah.net/nsurl-bookmark-error- handling.html is biting you? Interesting bug. I wonder if everyone inside Apple is using ARC these days and therefore expecting ptr-to-object variables to be nil-initialised could explain how such a bug escaped. Cheers, I think another person on has run across a case as well. http://www.reddit.com/r/iOSProgramming/comments/120e2m/breaking_arc_retain_cycle_in_objectivec_blocks/ http://teohm.github.com/blog/2012/09/03/breaking-arc-retain-cycle-in-objective-c-blocks/ In any case, considering the huge benefit that ARC offers, for what I've done, it's been a pleasantly painless experience. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Security-scoped bookmarks linked to code signing?
On 25 Oct 2012, at 22:05, Alex Zavatone z...@mac.com wrote: On Oct 25, 2012, at 11:35 AM, Sean McBride wrote: On Thu, 25 Oct 2012 00:05:44 +0100, Mike Abdullah said: Is it possible http://www.mikeabdullah.net/nsurl-bookmark-error- handling.html is biting you? Interesting bug. I wonder if everyone inside Apple is using ARC these days and therefore expecting ptr-to-object variables to be nil-initialised could explain how such a bug escaped. Cheers, I think another person on has run across a case as well. http://www.reddit.com/r/iOSProgramming/comments/120e2m/breaking_arc_retain_cycle_in_objectivec_blocks/ http://teohm.github.com/blog/2012/09/03/breaking-arc-retain-cycle-in-objective-c-blocks/ In any case, considering the huge benefit that ARC offers, for what I've done, it's been a pleasantly painless experience. I'm confused. Neither of your links seem to have anything to do with pointers and error handling. ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Security-scoped bookmarks linked to code signing?
On 24 Oct 2012, at 02:28, Graham Cox wrote: I'm using security-scoped bookmarks to save the location of certain folders between launches so that my sandboxed app works properly. We've had reports that resolving these bookmarks sometimes crashes deep inside the security-scoping resolution but I have been unable to reproduce this. But one clue is that the apps that exhibit this problem were incorrectly codesigned (using the wrong developer certificate), and I was wondering if there was a connection between resolving SS bookmarks and codesigning. If there is that's probably the answer, but if not I'll know to keep looking for another reason. Handling security-scoped bookmarks most certainly relies upon code-signing, as without you can’t create or resolve them. Are you dealing with app or document scoped bookmarks here? ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Security-scoped bookmarks linked to code signing?
On 24/10/2012, at 8:47 PM, Mike Abdullah cocoa...@mikeabdullah.net wrote: Handling security-scoped bookmarks most certainly relies upon code-signing, as without you can’t create or resolve them. Are you dealing with app or document scoped bookmarks here? App-scoped. In dev and testing no problem was encountered but in the wild we have this crash deep within -[NSURL URLByResolvingBookmarkData:options:.]. The app was incorrectly signed due to a stuff-up with the developer ID certs which was resolved, but that won't help until we get an update published. What's annoying is that the bookmark resolving just crashes rather than handle the problem gracefully, and we're still not certain whether the incorrect signing is the real cause or not (the apps were signed, just not using the correct cert). This deep connection between parts of the OS that behave very differently according to the situation they find themselves in is a recipe for very hard-to-find bugs that easily escape QA. --Graham ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Security-scoped bookmarks linked to code signing?
On 24 Oct 2012, at 23:31, Graham Cox wrote: On 24/10/2012, at 8:47 PM, Mike Abdullah cocoa...@mikeabdullah.net wrote: Handling security-scoped bookmarks most certainly relies upon code-signing, as without you can’t create or resolve them. Are you dealing with app or document scoped bookmarks here? App-scoped. In dev and testing no problem was encountered but in the wild we have this crash deep within -[NSURL URLByResolvingBookmarkData:options:.]. The app was incorrectly signed due to a stuff-up with the developer ID certs which was resolved, but that won't help until we get an update published. What's annoying is that the bookmark resolving just crashes rather than handle the problem gracefully, and we're still not certain whether the incorrect signing is the real cause or not (the apps were signed, just not using the correct cert). This deep connection between parts of the OS that behave very differently according to the situation they find themselves in is a recipe for very hard-to-find bugs that easily escape QA. Is it possible http://www.mikeabdullah.net/nsurl-bookmark-error-handling.html is biting you? ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Re: Security-scoped bookmarks linked to code signing?
On 25/10/2012, at 10:05 AM, Mike Abdullah cocoa...@mikeabdullah.net wrote: On 24 Oct 2012, at 23:31, Graham Cox wrote: On 24/10/2012, at 8:47 PM, Mike Abdullah cocoa...@mikeabdullah.net wrote: Handling security-scoped bookmarks most certainly relies upon code-signing, as without you can’t create or resolve them. Are you dealing with app or document scoped bookmarks here? App-scoped. In dev and testing no problem was encountered but in the wild we have this crash deep within -[NSURL URLByResolvingBookmarkData:options:.]. The app was incorrectly signed due to a stuff-up with the developer ID certs which was resolved, but that won't help until we get an update published. What's annoying is that the bookmark resolving just crashes rather than handle the problem gracefully, and we're still not certain whether the incorrect signing is the real cause or not (the apps were signed, just not using the correct cert). This deep connection between parts of the OS that behave very differently according to the situation they find themselves in is a recipe for very hard-to-find bugs that easily escape QA. Is it possible http://www.mikeabdullah.net/nsurl-bookmark-error-handling.html is biting you? Hmm, interesting... I wasn't setting error to nil, I am now. However, all I do with the value of error is log it if the URL returns nil. While that could crash in the circumstances your post describes, that isn't where it appears to actually be crashing. (Unfortunately I don't have a stack trace handy). Do you know of a way to force this resolution to fail so I can test it? --Graham ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
Security-scoped bookmarks linked to code signing?
I'm using security-scoped bookmarks to save the location of certain folders between launches so that my sandboxed app works properly. We've had reports that resolving these bookmarks sometimes crashes deep inside the security-scoping resolution but I have been unable to reproduce this. But one clue is that the apps that exhibit this problem were incorrectly codesigned (using the wrong developer certificate), and I was wondering if there was a connection between resolving SS bookmarks and codesigning. If there is that's probably the answer, but if not I'll know to keep looking for another reason. --Graham ___ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
