[racket-dev] OS X 10.8 includes new restrictions on running apps

From: Norman Gray (norman at astro.gla.ac.uk)
Date: Wed Feb 22 17:25:42 EST 2012

John, hello.

On 2012 Feb 22, at 21:52, John Clements wrote:

> FWIW: actually, I don't see Jens saying that signed apps will by default run in a mode that enforces privilege checking, and I just spent a few minutes digging, and didn't find anything saying that. Are you really sure that Gatekeeper's "level 2"--code must be signed, but not app-store-ready--will enforce access restrictions? Pointers gladly appreciated, and maybe I'm just not reading carefully enough.

I had formed that impression, and it seems consistent with what I've read, but now I'm not so sure.

I've found two (good as usual) Ars Technica discussions of Gatekeeper in general [1], plus a reasonably detailed account of the sandboxing mechanism and how Apple expect people to use it [2].  It seems that the expectation is that different threads might have different entitlements, depending on what they do, so that a thread which is decoding a PDF is denied access to the filesystem; and that certain user actions, such as saving a file, will be handed over (if necessary) to a privileged 'Powerbox' daemon.

All very entertaining, but it doesn't actually answer your question.  I'm afraid I can find neither chapter and verse, nor exegesis, which makes it clear what the default will be.

So I'd appreciate pointers, too!

Best wishes,


[1] http://arstechnica.com/apple/news/2012/02/developers-gatekeeper-a-concern-but-still-gives-power-users-control.ars
[2] http://arstechnica.com/apple/reviews/2011/07/mac-os-x-10-7.ars/9

Norman Gray  :  http://nxg.me.uk
SUPA School of Physics and Astronomy, University of Glasgow, UK

Posted on the dev mailing list.