
Let's say a sandboxed Cocoa-based Application spawns an instance of SSH. So far so good, the SSH process is starting.

The problem is, how to allow the child process to read files (e.g. ~/.ssh/config or ~/.ssh/known_hosts, or even ~/.ssh/my_specific_rsa_id)?

Thank you!

Doodloo

1 Answer


Your spawned process inherits the sandbox of its parent; if this were not the case, any process could break out of the sandbox...

You can enable your parent process to have access to these files, either by requesting that access right from the user (and then saving it for subsequent runs using a security-scoped bookmark) or through temporary entitlements.

If you are a developer, go to the developer forums and search on SSH in the sandbox topic. The issue is well covered and advice from Apple engineers is available.

If you are not a developer, ditch the sandbox - at least for this app - you're just creating problems for yourself.

CRD
  • There is nothing on the Apple dev forum about this any longer. Can you provide additional information as this is an area of great interest to me? – trojanfoe Oct 09 '12 at 10:20
  • @trojanfoe - items don't get removed from the dev forums, they're still there just hidden ;-) Start by searching in "Application Sandboxing", which is now under "Deployment", and set the "When:" to "All" - it defaults to the last 90 days. From there explore... – CRD Oct 09 '12 at 18:15
  • Ah yes, that will be it. Cheers. – trojanfoe Oct 09 '12 at 19:26
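
The security-scoped bookmark route mentioned in the answer, as an added Swift example that is not part of the original thread: the parent asks the user once for the SSH directory, stores a read-only bookmark, and starts `ssh` while access is active. It assumes the app carries the `com.apple.security.files.user-selected.read-only` and `com.apple.security.files.bookmarks.app-scope` entitlements; `bookmarkKey` and the function names are hypothetical, and it is an assumption that the child, inheriting the parent's sandbox, can read the directory while the parent holds access.

```swift
import AppKit

// Hypothetical UserDefaults key under which the bookmark is stored.
let bookmarkKey = "SSHDirectoryBookmark"

/// Ask the user once for the directory holding the SSH files and persist the grant.
func requestSSHDirectory() throws -> URL? {
    let panel = NSOpenPanel()
    panel.message = "Select the folder containing your SSH configuration"
    panel.canChooseDirectories = true
    panel.canChooseFiles = false
    panel.showsHiddenFiles = true  // .ssh is a hidden directory
    guard panel.runModal() == .OK, let url = panel.url else { return nil }
    // Read-only scope: least privilege, but ssh cannot append to known_hosts.
    let data = try url.bookmarkData(
        options: [.withSecurityScope, .securityScopeAllowOnlyReadAccess],
        includingResourceValuesForKeys: nil, relativeTo: nil)
    UserDefaults.standard.set(data, forKey: bookmarkKey)
    return url
}

/// Resolve the saved bookmark on later launches; nil means the user must be asked again.
func savedSSHDirectory() -> URL? {
    guard let data = UserDefaults.standard.data(forKey: bookmarkKey) else { return nil }
    var stale = false
    guard let url = try? URL(resolvingBookmarkData: data, options: .withSecurityScope,
                             relativeTo: nil, bookmarkDataIsStale: &stale),
          !stale else {
        UserDefaults.standard.removeObject(forKey: bookmarkKey)  // force a fresh grant
        return nil
    }
    return url
}

/// Spawn ssh while the scoped access is active (assumed to carry over to the child).
func runSSH(host: String) throws {
    guard let dir = try savedSSHDirectory() ?? requestSSHDirectory() else { return }
    guard dir.startAccessingSecurityScopedResource() else { return }
    defer { dir.stopAccessingSecurityScopedResource() }  // balance every start call

    let ssh = Process()
    ssh.executableURL = URL(fileURLWithPath: "/usr/bin/ssh")
    // Explicit paths so ssh reads exactly the files the user granted.
    ssh.arguments = ["-F", dir.appendingPathComponent("config").path,
                     "-o", "UserKnownHostsFile=" + dir.appendingPathComponent("known_hosts").path,
                     "-o", "BatchMode=yes",  // no terminal to answer prompts
                     host]
    try ssh.run()
    ssh.waitUntilExit()
}
```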