mipstian / catch

Catch: Broadcatching made easy.
https://kaylees.site/catch.html
MIT License

Sandboxing #36

Open mipstian opened 10 years ago

mipstian commented 10 years ago

Currently, the feed checker service is sandboxed, but the main app isn't.

Whenever Sparkle supports sandboxing, we can adopt it in the app as well. Right now the app needs network access so Sparkle can check for updates, but they're slowly turning it into an XPC service with its own entitlements.

The app would only need an entitlement for access to the Downloads directory, which is the default save path for torrent files. Access to other directories would be granted via Powerbox. All networking is already done by the service.

Existing users that already have a custom folder in their preferences would need to re-select it. Luckily this should be self-correcting, because with sandboxing this folder would be inaccessible, and will thus cause the preferences window to pop up on launch with an error icon next to it. I think users would be able to figure out what to do at this point, especially if we add a warning to the release notes, so the transition shouldn't be too bumpy.

yashendra2797 commented 8 years ago

Why do you want the app to be sandboxed? The only advantage I can think of is submitting it to the MAS, but Apple doesn't accept any apps related to torrents.

mipstian commented 8 years ago

What about security? :)

yashendra2797 commented 8 years ago

How much would Sandboxing affect security for an app like Catch? Personally I don't think it's worth the effort.

mipstian commented 8 years ago

Well that's the cool part, the effort is almost zero. As soon as a version of Sparkle compatible with sandboxing comes out, we just need to update to it and flip the sandboxing switch. No code changes needed in Catch.

We're already mostly covered because the feed checker service inside Catch is sandboxed - it only has outgoing network access + temporary access to the download folder that is passed from the main app. The feed checker service is the most vulnerable part of the app as it's exposed to data coming from the network and contains a parser. So if it is compromised, it can't change any files outside the download folder or start a server (among other things).

But the service does have a backchannel to the main app. So it'd be nice if the main app had no privileges at all. All it needs is access to the download folder, which is granted via Powerbox. So even if someone could manage to forge a malicious feed which would cause the main app to misbehave, it would be mostly harmless.

Long story short, we wait on Sparkle and then we get extra security for free :)
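The split described in the two comments above (a sandboxed feed checker XPC service with outgoing networking only, and a main app whose only file access is the Downloads folder plus whatever the user grants through Powerbox) expressed as a pair of App Sandbox entitlements files. This is an added illustration, not Catch's actual entitlements and not code from the project; the keys are Apple's standard App Sandbox entitlement keys, but which of them Catch ships, and the file names, are assumptions.

```xml
<!-- FeedChecker.entitlements (illustrative; assumed name, not Catch's real file)
     The XPC service that fetches and parses feeds. It gets outgoing network
     access and nothing else: no file entitlements, no inbound listener.
     The download folder is not granted here; per the thread, the main app
     hands the service temporary access to it at runtime. -->
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <!-- outgoing connections only; no com.apple.security.network.server,
         so a compromised parser cannot start listening -->
    <key>com.apple.security.network.client</key>
    <true/>
</dict>
</plist>

<!-- Catch.entitlements (illustrative; assumed name, not Catch's real file)
     The main app once Sparkle no longer needs in-process networking.
     Deliberately absent: com.apple.security.network.client, because all
     networking lives in the service. If Sparkle still ran its update check
     inside the app, that key would have to come back, which is exactly why
     the thread waits on Sparkle's XPC-based release. -->
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <!-- default save location for .torrent files -->
    <key>com.apple.security.files.downloads.read-write</key>
    <true/>
    <!-- Powerbox: any other folder is reachable only after the user picks it
         in an open/save panel; a previously stored custom path is not enough,
         hence the "re-select your folder" transition described above -->
    <key>com.apple.security.files.user-selected.read-write</key>
    <true/>
</dict>
</plist>
```

The practical check is what happens when a key is missing rather than present: with the service holding no file entitlements and the app holding no network entitlement, a crafted feed that exploits the parser can at most write into the folder the app handed over, and a feed that confuses the app cannot reach the network on its own.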

yashendra2797 commented 8 years ago

Whelp. The Transmission ransomware shit is now making me push for Sandboxing. Sorry for questioning you mate. Keep up the good work!

mipstian commented 8 years ago

No need to apologize, it was a legitimate question :)

mipstian commented 3 years ago

For reference, the status of Sparkle 2 (the sandboxing release) is tracked at https://github.com/sparkle-project/Sparkle/issues/1523