Comments on: Sandbox Corners
Official blog of Red Sweater Software
Wed, 12 Nov 2014 14:28:11 +0000

By: Derek Sat, 05 Nov 2011 11:45:07 +0000
Useful idea, but it doesn’t always seem to work.

Using 10.6.8 with latest updates, I get errors.
Maybe the ‘trace’ facility only works on 10.7?

derek$ sandbox-exec -f /tmp/ /Applications/
2011-11-05 11:40:43.956 TextEdit[7141:907] No Info.plist file in application bundle or no NSPrincipalClass in the Info.plist file, exiting

whereas I can start Textedit quite happily as:

derek$ /Applications/

Similarly for an app of my own, I see:

derek$ sandbox-exec -f /tmp/ ./
Bringing front
2011-11-05 11:43:00.267 Zz[7142:907] appWillFL
2011-11-05 11:43:00.318 Zz[7142:907] *** Assertion failure in _NSLocateKitBundle(), /SourceCache/AppKit/AppKit-1038.36/AppKit.subproj/NSApplication.m:6482
2011-11-05 11:43:00.319 Zz[7142:907] Can’t find AppKit resources.
2011-11-05 11:43:00.368 Zz[7142:907] appWillBA
2011-11-05 11:43:00.370 Zz[7142:907] appDidBA
2011-11-05 11:43:04.729 Zz[7142:907] appWillRA
2011-11-05 11:43:04.731 Zz[7142:907] appDidRA

Suggesting that even with just ‘trace’ there are some filesystem accesses which fail.

By: Karsten Sat, 10 Sep 2011 16:42:35 +0000
Thanks so much for that post! I’ve been looking into this whole sandbox stuff just some days ago and found it absolutely frustrating without the trace function. Your script really takes away the pain!!

Here’s also the bash version (worked for me):

function sbx() {
    # Write a trace-only profile: sandbox-exec records every operation the app attempts
    echo '(version 1)
(trace "/tmp/")' > /tmp/
    # Run the target program under that profile
    sandbox-exec -f /tmp/ "$1"
    # Collapse the raw trace into a minimal profile and open it in a text editor
    sandbox-simplify /tmp/ > /tmp/
    open -t /tmp/
}
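
A check worth running on what that function produces, as an added example that is not code from the post or from any commenter: a small Python reviewer that parses the profile `sandbox-simplify` emits and flags allow rules broad enough to defeat the sandbox (a `subpath` on `/` or a top-level directory, a wildcard network rule, an unfiltered operation, or any regex filter). It assumes the profile uses the S-expression subset shown in `SAMPLE_PROFILE`, which is constructed for the example rather than captured from a real trace; the breadth heuristics in `is_broad` are this example's own, not anything the sandbox tools define.

```python
"""Review an SBPL sandbox profile (for example the output of sandbox-simplify)
and flag allow rules that are broad enough to defeat the sandbox.

Added example, not code from the blog post or its commenters.  It assumes the
profile uses the S-expression subset shown in SAMPLE_PROFILE:
    (version 1)
    (allow <operation> ... (literal "/p") (subpath "/d") (regex #"^/p/.*"))
SAMPLE_PROFILE is constructed for this example, not captured from a real trace.
"""
import re
from typing import Any, Dict, List, Tuple

SAMPLE_PROFILE = r'''
(version 1)
(allow file-read-data (literal "/Applications/TextEdit.app/Contents/Info.plist"))
(allow file-read* (subpath "/System/Library/Frameworks/AppKit.framework"))
(allow file-read* file-write* (subpath "/"))          ; far too broad
(allow mach-lookup (global-name "com.apple.windowserver.active"))
(allow network-outbound (remote ip "*:*"))
(allow file-write* (regex #"^/private/tmp/.*"))
'''

# Token kinds: ';' line comments, parens, plain and #"..." regex strings, bare atoms.
_TOKEN = re.compile(r';[^\n]*|\(|\)|#?"(?:[^"\\]|\\.)*"|[^\s()";]+')

Rule = Tuple[str, str, str]  # (operation, filter kind, filter argument)


def tokenize(text: str) -> List[str]:
    """Split SBPL text into tokens, dropping comments."""
    return [t for t in _TOKEN.findall(text) if not t.startswith(';')]


def parse(text: str) -> List[Any]:
    """Parse SBPL into nested Python lists; quoted strings lose their quotes."""
    tokens = tokenize(text)
    pos = 0

    def read() -> Any:
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        if tok == '(':
            items = []
            while True:
                if pos >= len(tokens):
                    raise ValueError('unbalanced "("')
                if tokens[pos] == ')':
                    pos += 1
                    return items
                items.append(read())
        if tok == ')':
            raise ValueError('unexpected ")"')
        if tok.startswith('#"'):
            return tok[2:-1]      # regex literal
        if tok.startswith('"'):
            return tok[1:-1]
        return tok

    forms = []
    while pos < len(tokens):
        forms.append(read())
    return forms


def allow_rules(forms: List[Any]) -> List[Rule]:
    """Flatten every (allow op... filter...) form into one Rule per op/filter pair."""
    rules: List[Rule] = []
    for form in forms:
        if not form or form[0] != 'allow':
            continue
        ops = [x for x in form[1:] if isinstance(x, str)]
        filters = [x for x in form[1:] if isinstance(x, list)] or [['unfiltered']]
        for op in ops:
            for f in filters:
                rules.append((op, f[0], ' '.join(f[1:])))
    return rules


def is_broad(op: str, kind: str, arg: str) -> bool:
    """Heuristic (this example's own): whole trees, any host, or regex filters."""
    if kind == 'unfiltered':
        return True                                        # applies to every object
    if kind == 'subpath':
        return len([p for p in arg.split('/') if p]) <= 1  # "/" or a top-level dir
    if kind == 'regex':
        return True                                        # always worth a manual look
    if kind == 'remote':
        return '*' in arg                                  # wildcard host or port
    return False


def review(text: str) -> Dict[str, Any]:
    """Return the rule count and the rules that need a human decision."""
    rules = allow_rules(parse(text))
    broad = [r for r in rules if is_broad(*r)]
    return {'total': len(rules), 'broad': broad}


if __name__ == '__main__':
    result = review(SAMPLE_PROFILE)
    print(f"{result['total']} allow rules, {len(result['broad'])} flagged as broad:")
    for op, kind, arg in result['broad']:
        print(f"  {op:18} {kind:10} {arg}")
```

Run it over the simplified profile instead of the sample and treat every flagged rule as a question: the trace tells you what the app touched during one run, not what it should be allowed to touch, so a `(subpath "/")` that appears because the app walked a directory once should be narrowed by hand rather than pasted into the shipping profile.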


By: Dave Reed Fri, 09 Sep 2011 20:44:02 +0000
Has Apple provided any more details about sandboxing than a “November deadline”? I’ve yet to see anything more official and that date is drawing near. I think I’ve got a sample app working with the XPC functionality I need for my app, but I haven’t actually integrated it into my app yet.

By: TimeDwarf Fri, 09 Sep 2011 19:41:13 +0000
I suspect that there will be further access to complex and core privileges with additional tiers of code signing. The vetting process for advanced access will likely be of a standard equivalent to acquiring bonded status as a business. You would then stand out as liable for misuse of the extra privileges.

I’d be very interested to hear your thoughts about the code signing features and their effects & possible chilling of enthusiasm upon new and younger developers.

By: elasticthreads Fri, 09 Sep 2011 19:11:39 +0000
Thank you for the truly helpful post.

I hope Apple figures out a reasonable way to allow robust AppleScript events in sandboxed apps. Seemed like the creation, and continuing support, of ApplescriptObjC was a sign that Apple would continue to promote and welcome cross app scripting and communication on OS X.

I’d be really interested to know (and maybe the developer of FastScripts might know the answer) what security vulnerabilities exist within AppleEvents and cross-application communication. Obviously “Do shell script…”, “tell application “Finder” to erase…”, “tell application “System Events…” all have a lot more power, and danger, than a sandboxed app “should” have. Is it as simple as that?

What are your thoughts on how much Apple should limit AppleScript in sandboxed apps?

By: Ted Wise Fri, 09 Sep 2011 19:07:43 +0000
Sandboxing doesn’t really work for applications that allow scripting to control the system. And, as you’ve stated, some applications have to cut features to fit into the existing sandbox privileges. Look at how 1Password was modified to fit into the Mac App Store. In some cases it requires re-thinking: 1Password switched from installing browser plug-ins to bringing up a web page that a user could download the plug-ins from. Less convenient, but it works in the sandbox model.

But the reality is that some applications, especially applications that need to reach into the system or control elements that Apple doesn’t allow or support to be controlled, won’t be able to be sandboxed. But then, most of those applications weren’t suitable for inclusion in the Mac App Store anyway.

It’s a tradeoff that most end-users won’t even know is being made but will appreciate as increased security. But it’s annoying to developers who no longer have automatic privilege escalation when editing locked files in BBEdit.