On Sep 22, 2009, at 9:47 AM, Mark Woods wrote:
> However, when the task crashes, a Crash Reporter dialog appears which could be confusing for the user and ugly if several appear at once. Is there any way to suppress these messages and prevent them from appearing?
I'm pretty sure there is, but I don't see anything relevant in NSTask.h. It's possible you have to use lower-level calls like fork/exec to get that degree of control.
> The task checks the validity of certain files and in some cases, the task could definitely crash if the data is corrupt - that is the whole purpose of launching a separate task. This is not a problem as the application notifies the user if the task was not successful.
This kind of rings an alarm bell in my head. The problem is that, if your subtask isn't explicitly handling invalid data, it could do far worse things than simply crash. For example, it could go into an infinite loop, or start allocating memory like crazy till it fills up its address space (which can drag the user's system to its knees for a while). Worst, it's possible that malicious data could be used to take over the process and run arbitrary code — there have been many attacks on web browsers that exploited buffer-overrun bugs in decoders for innocuous data types like JPEG files.
Sure, you could use the sandbox API to run the task without privileges to do nasty stuff to the user's system, and call setrlimit to limit its address space, and set some arbitrary timeout to decide that it's gone into the weeds and kill it. But I think it makes more sense to write the parser defensively in the first place.
—Jens
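
The containment described in the message above (fork/exec, setrlimit on the address space, and a timeout after which the task is killed), sketched in C as an added example that is not part of the original thread. `run_limited`, the `outcome` enum, the 50 ms polling interval and the extra RLIMIT_CPU backstop are assumptions of this sketch; the sandbox API step is not shown.

```c
#include <signal.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Hypothetical result codes for this sketch. */
enum outcome { TASK_OK, TASK_FAILED, TASK_CRASHED, TASK_TIMEOUT, TASK_ERROR };

/* Run argv[0] with a capped address space; kill it after wall_secs seconds. */
enum outcome run_limited(char *const argv[], rlim_t as_bytes, unsigned wall_secs)
{
    pid_t pid = fork();
    if (pid < 0)
        return TASK_ERROR;
    if (pid == 0) {
        /* Child: set limits before exec so the file checker inherits them. */
        struct rlimit as = { as_bytes, as_bytes };
        struct rlimit cpu = { wall_secs, wall_secs };  /* backstop for busy loops */
        if (setrlimit(RLIMIT_AS, &as) != 0 || setrlimit(RLIMIT_CPU, &cpu) != 0)
            _exit(126);
        execv(argv[0], argv);
        _exit(127);                                    /* exec failed */
    }
    /* Parent: poll every 50 ms until the child exits or the deadline passes. */
    struct timespec tick = { 0, 50 * 1000 * 1000 };
    int status;
    for (unsigned waited_ms = 0; ; waited_ms += 50) {
        pid_t r = waitpid(pid, &status, WNOHANG);
        if (r == pid)
            break;
        if (r < 0)
            return TASK_ERROR;
        if (waited_ms >= wall_secs * 1000u) {
            kill(pid, SIGKILL);                        /* gone into the weeds */
            waitpid(pid, &status, 0);                  /* reap, leave no zombie */
            return TASK_TIMEOUT;
        }
        nanosleep(&tick, NULL);
    }
    if (WIFSIGNALED(status))
        return TASK_CRASHED;                           /* SIGSEGV, SIGXCPU, ... */
    return WEXITSTATUS(status) == 0 ? TASK_OK : TASK_FAILED;
}
```

The parent can tell a crash, a hang and a clean failure apart from the return value, but none of these limits stops a parser bug from being exploited inside the child.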