Apple goes least authority in “Lion”

Wednesday, July 20th, 2011 11:24
[personal profile] kpreid

Whoa. They even called it a powerbox as we do.

Apple has chosen to solve this problem by providing heightened permissions to a particular class of actions: those explicitly initiated by the user. Lion includes a trusted daemon process called Powerbox (pboxd) whose job is to present and control open/save dialog boxes on behalf of sandboxed applications. After the user selects a file or directory into which a file should be saved, Powerbox pokes a hole in the application sandbox that allows it to perform the specific action.

Mac OS X 10.7 Lion: the Ars Technica review

It probably ain't capabilities (no bundling of designation of the resource with authority to access it, unless they've replaced file pathnames, which I doubt), but it's a big step in a good direction. UPDATE: Ivan Krstić says “The implementation uses actual capabilities under the hood.”

Tags:
  • Add Memory
  • Share This Entry
This account has disabled anonymous posting.
If you don't have an account you can create one now.
HTML doesn't work in the subject.
More info about formatting

If you are unable to use this captcha for any reason, please contact us by email at support@dreamwidth.org

 
Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.