[racket-dev] OS X 10.8 includes new restrictions on running apps

From: John Clements (clements at brinckerhoff.org)
Date: Wed Feb 22 16:52:09 EST 2012

On Feb 22, 2012, at 1:05 PM, Norman Gray wrote:

> 
> Greetings.
> 
> On 2012 Feb 22, at 20:03, Jens Axel Søgaard wrote:
> 
>> The tech press reports that the default is to "medium" i.e. applications
>> downloaded from the mac app store and from identified developers (that is
>> signed applications) are allowed to run.
> 
> For those who haven't chased this up already (I haven't gone into much detail), there are some interesting links at Daring Fireball[1], including a piece which highlights some of the likely problems[2].
> 
> The short version appears to be that, as Jens says, Gatekeeper will by default run in a mode which enforces MAC on applications, and the principal problem -- voiced at length and at high volume -- is that the currently available set of 'entitlements' (where the application declares what set of resources it wishes to have access to) is too small for a significant minority of applications.

FWIW: actually, I don't see Jens saying that signed apps will by default run in a mode that enforces privilege checking, and I just spent a few minutes digging, and didn't find anything saying that. Are you really sure that Gatekeeper's "level 2"--code must be signed, but not app-store-ready--will enforce access restrictions? Pointers gladly appreciated, and maybe I'm just not reading carefully enough.


John

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4624 bytes
Desc: not available
URL: <http://lists.racket-lang.org/dev/archive/attachments/20120222/c3ec0dbe/attachment.p7s>

Posted on the dev mailing list.