On 25.01.2010, at 11:15, vincent habchi wrote:
> I never meant I know things better than Apple: I understand the reasons, I 
> don't say they are pointless - in fact I agree with most of them. I just 
> wonder why, since I know at least two or three Unix/BSD/X11 applications that 
> run under superuser privileges, and this has never raised a strong protest 
> amidst security addicts. But I know MacOS is not Unix :)


At WWDC I was told that Apple don't test AppKit against root (or at least, not 
much). Since the idea is to limit the time applications run as root for 
security reasons, there is no high priority to find and fix such issues in AppKit. 
This means Apple can focus more of its developers on hardening the command-line 
part against root exploits.

There have been issues like this in the past. For example, for a while, 
loginwindow used to load QuickTime components, which would then get loaded as 
root. A harmless application installing a QuickTime component could then cause 
the OS to crash at login time, as root.

So, whatever your or my or Gwynne's personal opinion, Mac OS X has been 
designed under the assumption that no GUI app will be run as root (only a few 
tasks like loginwindow). If you do so anyway, you're tearing a hole in Apple's 
security policy and endangering your users' Macs.

Cheers,
-- Uli Kusterer
"The witnesses of TeachText are everywhere..."
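As an added illustration of the design assumption discussed above (example code written for this page, not from the thread or from Apple): a launch guard, with the hypothetical names classify_privileges() and drop_to_real_user(), that refuses to bring up a GUI when the process is root and sheds a setuid-root identity before any AppKit code would run.

```c
/* Added example, not from the thread: a launch-time guard so a GUI app never
 * runs its AppKit code as root. Function names are hypothetical. */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum priv_state {
    PRIV_UNPRIVILEGED,  /* neither real nor effective uid is root */
    PRIV_SETUID_ROOT,   /* launched by a normal user, but effective uid 0 */
    PRIV_ROOT           /* real uid 0: root can always be regained */
};

/* Pure classification so the policy is testable without being root. */
enum priv_state classify_privileges(uid_t ruid, uid_t euid)
{
    if (ruid == 0)
        return PRIV_ROOT;
    return euid == 0 ? PRIV_SETUID_ROOT : PRIV_UNPRIVILEGED;
}

/* Shed root permanently in favour of the real user. Returns 0 on success (or
 * when nothing needed dropping) and -1 when the process is root with no
 * unprivileged identity to fall back to; the app should then refuse to start. */
int drop_to_real_user(void)
{
    uid_t ruid = getuid();
    switch (classify_privileges(ruid, geteuid())) {
    case PRIV_UNPRIVILEGED:
        return 0;
    case PRIV_ROOT:
        return -1;
    case PRIV_SETUID_ROOT:
        /* gid first: once the uid is unprivileged the gid can't be changed. */
        if (setgid(getgid()) != 0 || setuid(ruid) != 0)
            return -1;
        /* The drop must be irreversible: regaining root has to fail. */
        return setuid(0) == 0 ? -1 : 0;
    }
    return -1;
}

int main(void)
{
    if (drop_to_real_user() != 0) {
        fputs("refusing to run a GUI application as root\n", stderr);
        return 1;
    }
    puts("unprivileged; safe to initialise the GUI");
    return 0;
}
```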



_______________________________________________

Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)
