PrivSec-dev/privsec.dev
1
0
Fork 0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2024-12-22 12:51:34 -05:00
Code

add info about unsandboxed apps

Browse Source
This commit is contained in:
fria 2024-11-26 07:32:01 -06:00 committed by GitHub
parent 8403b92051
commit b41b6b761d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
content/posts/macos/macOS Security Overview/index.md
View File

@ -28,7 +28,7 @@ sudo pmset -a hibernatemode 25
The [App Sandbox](https://developer.apple.com/documentation/security/app_sandbox/protecting_user_data_with_app_sandbox) is a feature that limits the access an app has to the rest of your system. Developers enable it when they sign their app, so it's not possible for you to enable it or modify the entitlements since they are defined in the signature.
Sandboxed apps are given their own container in `~/Library/Containers` that they have exclusive read/write access to.
Sandboxed apps are given their own container in `~/Library/Containers` that they have exclusive read/write access to. Unsandboxed apps can't access it unless they have root privileges.
The App Sandbox is designed to limit the damage to your system in the event an app is exploited, however it can't protect against malicious developers since they can just disable or weaken the sandbox in a future update if they want. For protection against malicious developers, you'll need to install apps from the App Store where the sandbox is enforced.