Tighten Pro C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation
Tighten Pro - in the Mac App Store
Tighten Pro is now available in the Mac App Store.
Simply click on the icon to the left to purchase directly from Apple.
Or choose PKCS#7Viewer.app by clicking the image to the right.
|
Mac Developer: The Steve Jobs I Knew - Walt Mossberg - Mossblog - AllThingsD
The Steve Jobs I Knew - Walt Mossberg - Mossblog - AllThingsD: "That Steve Jobs was a genius, a giant influence on multiple industries and billions of lives, has been written many times since he retired as Apple’s CEO in August. He was a historical figure on the scale of a Thomas Edison or a Henry Ford, and set the mold for many other corporate leaders in many other industries."
This is a terrific article. Delayed by 15 minutes. Labels: apple
|
|
|
Mac Developer: ARM-Based Chips Make Better Windows PCs, Says Qualcomm CEO - Ina Fried - Mobile - AllThingsD
ARM-Based Chips Make Better Windows PCs, Says Qualcomm CEO - Ina Fried - Mobile - AllThingsD: "Qualcomm has sponsored a contest to encourage developers to write Windows RT apps as well as, in some cases, help to fund their development. Jacobs said that Microsoft isn’t really being given the benefit of the doubt here, despite its long track record of attracting developers."
Unfortunately, nothing as powerful as Cocoa is likely to debut on any platform any time soon. Labels: cocoa, windows rt
|
|
|
Mac Developer: com.apple.security.temporary-exception.sbpl
The com.apple.security.temporary-exception.sbpl entitlement seems to have been given bona fide status: login to itunesconnect and you can at least add it to your list of requested entitlements for submitting. Good news, because I'm not sure how you can write code in a posix environment without posix shared memory and semaphores. Labels: entitlements, sandbox policy language
|
|
|
Mac Developer: FileXaminer
FileXaminer: "FileXaminer is an award winning 'Get Info' application. FileXaminer allows you to modify file and folder attributes that the Finder cannot. FileXaminer is powerful and easy to use – making it the best 'Get Info' application for Mac OS X."
I'm trying to figure out why some code I'm working on will not work correctly in the sandbox and I believe it has to do with file permissions. I had a hankering for a GUI tool and had a bit of trouble finding something. Labels: finder, finder getinfo, plugin
|
|
|
Mac Developer: Access Control Lists in OS X
Mac OS X 10.4 Tiger | Ars Technica: "Access control lists, or ACLs, are a finer-grained, more flexible way to control file permissions: who can do what to which files. In Tiger, ACLs are a supplement to the traditional Unix file permissions. Since I've never covered Unix file permissions in a Mac OS X article before, I'd like to do so now. "
Good article on ACL permissions I found googling. Labels: access control lists, mac os x, security
|
|
|
Mac Developer: sandbox policy language temporary entitlement
If you're adopting sandboxing outside the App Store, the syntax for the sandbox policy language temporary exception entitlement is:
<key>com.apple.security.temporary-exception.sbpl</key>
<string>
(begin
(allow system-fsctl))
</string>
Labels: sandbox policy language, temporary entitlement
|
|
|
Mac Developer: Sandbox History III: OSX Sandboxing Design - The Chromium Projects
OSX Sandboxing Design - The Chromium Projects: "Sandboxing treats a process as a hostile environment which at any time can be compromised by a malicious attacker via buffer overruns or other such attack vectors. Once compromised, the goal is to allow the process in question access to as few resources of the user's machine as possible, above and beyond the standard file-system access control and user/group process controls enforced by the kernel."
A very clear description of the sandbox.
Labels: sandbox, sandbox policy language
|
|
|
Mac Developer: Sandbox History II: sandbox_init()
const char *sandbox_profile = '(version 1)'
'(deny default)'
/* * Allow use of semaphores: sem_init() etc. This is required on * OS X 10.6 but not on 10.5. */
'(allow ipc-posix-sem)'
/* * Allow shared memory segments to be created: shm_open() etc.
This * is required on OS X 10.6 but not on 10.5. */
'(allow ipc-posix-shm)';
void NaClEnableOuterSandbox()
{ char *error;
int rc = sandbox_init(sandbox_profile, 0, &error);
if (rc != 0) NaClLog(LOG_FATAL, 'Failed to initialise Mac OS X sandbox: %s\n', error);
}
SOURCE: nativeclient.googlecode.comLabels: entitlements, sandbox, sandbox policy language
|
|
|
Mac Developer: Sandbox History: Apple Sandboxes Part 1 at Useful Security
Apple Sandboxes Part 1 at Useful Security: "Linux isn’t the only operating system with activity in the enhanced access control department. Apple recently released Mac OS X 10.5 Leopard, which includes a new feature called a sandbox (or seatbelt, depending on where you’re looking) as well. I delved into the sandbox mechanisms a bit and wanted to report my findings."
Origins of the sandbox system used in Mac OS X. Labels: entitlements, sandbox, sandbox policy language
|
|
|
Mac Developer: Sandboxing sem_open entitlement
SandboxingI did the same for now. At the Developer forums I got this reply from someone who had the exact same issues with using sem_open in a Sandbox.
I'm on the lookout for any information about temporary exception entitlements that can be applied to named semaphores. In keeping with the spirit of information wants to be free, I present here: http://reverse.put.as/wp-content/uploads/2011/09/Apple-Sandbox-Guide-v1.0.pdf In particular, I'm looking for a solution that both works on 10.7.4 and Mountain Lion.
UPDATE:
Here's an example of an entitlement for shared memory and semaphores:
<key>com.apple.security.temporary-exception.sbpl</key>
<string>
(begin
(allow ipc-posix-sem)
(allow ipc-posix-shm)
</string>
Labels: entitlements, hacking osx, quarantine bit, sandbox
|
|
|
Mac Developer: Tighten Free 1.0.11
Update to Tighten Free version 1.0.11. Minor changes include adding obfuscation to enum symbols and eliminating warnings about unused statements.
Labels: codesign, mac app store, receipt, validation, xcode
|
|
|
| |
|