Opened 7 years ago

Last modified 2 years ago

#4403 new Enhancement

OS X Sandboxing

Reported by: collegeitdept Owned by: livings124
Priority: Normal Milestone: None Set
Component: Mac Client Version: 2.33
Severity: Normal Keywords: Sandbox, security
Cc:

Description

Add support for App Sandboxing for OS X Lion.

I believe that all applications should be secure and Apple also believes this and will enforce that all apps on the Mac App Store be sandboxed.

Please add sandboxing to Transmission shortly!

If there needs to be any communication/help, Ivan Krstić, the developer in charge of security & sandboxing at Apple, has a Twitter account and has been answering/helping many developers sandbox their applications.

http://twitter.com/#!/radian

Change History (14)

comment:1 Changed 7 years ago by livings124

  • Milestone changed from 2.40 to None Set
  • Priority changed from Highest to Normal
  • Severity changed from Major to Normal

Please don't set milestone without patches.

comment:2 Changed 7 years ago by jordan

  • Component changed from Transmission to Mac Client
  • Owner set to livings124

comment:3 Changed 6 years ago by collegeitdept

Does sandboxing look like it will get added?

comment:4 Changed 6 years ago by livings124

The ticket hasn't been closed, but work has not been done on it.

comment:5 follow-up: Changed 6 years ago by livings124

Looking into this, the major concern is that to support sandboxing likely requires all transfers added before running the sandboxed version of the app to be removed.

comment:6 Changed 6 years ago by collegeitdept

This would not be a "problem." I.e., torrents are routinely refreshed and re-queued with new torrents all the time (although maybe not all at once - this still wouldn't present a burdensome problem for users). Even better... during the upgrade with Sandboxing... resave all Torrent files (the actual .torrent files) for all active torrents so the user can re-add them.

Sandboxing is going to happen. It has to happen. It's more secure and Apple is putting a lot of weight on it.

I hope that the Transmission developers will start working on implementing this soon (at least start).

To be sure, it wouldn't surprise me in the future (a few years) that all Mac apps are sandboxed.

comment:7 Changed 5 years ago by collegeitdept

Where are we on sandboxing?

comment:8 in reply to: ↑ 5 Changed 5 years ago by collegeitdept

Replying to livings124:

Looking into this, the major concern is that to support sandboxing likely requires all transfers added before running the sandboxed version of the app to be removed.

This is not at all a problem as after you update OS X versions... any previously opened (and still open) files that should preload when first running apps are not loaded at startup. This happens in Preview.app, TextEdit.app, etc.

When you update OS X - apps will not reopen previously open files pre-OS update. (because of sandboxing)

Please consider improving the security of Transmission.

The same resistance was evident with the suggestion to include XProtect file quarantine flag feature to Transmission a few years ago.

Sandboxing is the right thing to do and should happen soon.

comment:9 follow-up: Changed 5 years ago by livings124

People expect the transfers to remain between updates. That's different than keeping windows open.

comment:10 in reply to: ↑ 9 Changed 5 years ago by collegeitdept

Replying to livings124:

People expect the transfers to remain between updates. That's different than keeping windows open.

You're forgetting the fact that transfers are a revolving number... old transfers are flushed out regularly with new ones. Secondly, the security benefits are HUGE. Transmission connects to the internet by definition and downloads files! - Sandboxing couldn't be more important and serious.

I'm not understanding the resistance to this. Sandboxing the app IS the right thing to do.

If old transfers are such a huge issue (and I HIGHLY doubt it is) there are simple ways to overcome this issue that presents itself ONE TIME! (Like a simple AppleScript that could be included in the DMG - though no one would opt to use because it is a non-issue).

Please do understand that because Transmission connects to the internet and has access to the complete file-system (it's more of a possible threat than even Flash or Java), it increases the attack vector. The previous versions of Flash (pre-Mavericks) were somewhat segregated, and Java is even sandboxed (though not very well).

This is the right thing to do. (And is mandatory for any Mac App Store app).

comment:11 Changed 5 years ago by collegeitdept

Because of the widespread use of Transmission in the Mac universe - I would not be surprised (and the developers shouldn't either) if in the future Transmission became the target of malware and attackers - because of its completely unlimited and complete access to the file system.

Just as a reminder - Preview.app and even QuickLook apps are sandboxed... Why isn't Transmission? It's been 2 years since this was first proposed.

comment:12 Changed 4 years ago by mr_dj

Probably because: "Transmission is a volunteer project and welcomes help." -trac homepage. The transmission development is split between many platforms/versions of, most of which also see widespread use. I can see how it's not a major priority; for the few for whom it is should/would be bringing their own contributions to the table. Please forgive if this sounds snide, it's not my intention.

Also, from my understanding (which may be false) transmission.app only holds as many file permissions or privileges as the user running it. This is why it's always recommended to have a standard account as your main and an admin account when needed, even if you're the only one who uses the machine. This is the built-in Unix security that's often mentioned.

I guess if Apple is gonna sell someone's app in their store, they need some sort of insurance that even the user won't mess up... I was surprised when you mentioned Preview and QuickLook but then since they open PDFs it was a no-brainer for them.

comment:13 Changed 4 years ago by s_r_h

This is why it's always recommended to have a standard account as your main and an admin account when needed, even if you're the only one who uses the machine. This is the built-in Unix security that's often mentioned.

The attacker getting root or not is not very important. The most important threat is access to the user's home directory. Sandboxing would seemingly (based on a quick scan of the documentation) let Transmission.app's access be limited to files (or new directories, hopefully) that the user explicitly selects, instead of all the user's files.
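An added example, not part of the ticket or of Transmission's code: a Python check for the file-access scoping comment 13 describes, run over entitlement sets constructed here. The three sample sets and the function name `audit_entitlements` are assumptions; the entitlement keys are Apple's documented App Sandbox keys.

```python
import plistlib

SANDBOX = "com.apple.security.app-sandbox"
USER_SELECTED = "com.apple.security.files.user-selected."
FILE_EXCEPTION = "com.apple.security.temporary-exception.files."


def audit_entitlements(plist_bytes):
    """Return (sandboxed, findings) for one entitlements plist."""
    ent = plistlib.loads(plist_bytes)
    if ent.get(SANDBOX) is not True:
        return False, ["not sandboxed: every file the user can read is reachable"]
    findings = []
    # Without a user-selected entitlement, open/save panels grant no access.
    if not any(k.startswith(USER_SELECTED) and v is True for k, v in ent.items()):
        findings.append("no user-selected file entitlement")
    for key, paths in ent.items():
        # A temporary exception on "/" reopens the whole home directory
        # (home-relative) or the whole filesystem (absolute).
        if key.startswith(FILE_EXCEPTION) and isinstance(paths, list) and "/" in paths:
            findings.append("exception covers '/': " + key)
    return True, findings


# Constructed samples (hypothetical, not taken from any shipped app).
UNSANDBOXED = plistlib.dumps({})
SCOPED = plistlib.dumps({
    SANDBOX: True,
    "com.apple.security.network.client": True,
    "com.apple.security.network.server": True,
    USER_SELECTED + "read-write": True,
})
HOLE = plistlib.dumps({
    SANDBOX: True,
    USER_SELECTED + "read-write": True,
    FILE_EXCEPTION + "home-relative-path.read-write": ["/"],
})

if __name__ == "__main__":
    for name, sample in (("unsandboxed", UNSANDBOXED),
                         ("scoped", SCOPED),
                         ("exception", HOLE)):
        print(name, audit_entitlements(sample))
```

On a Mac, the input would come from `codesign -d --entitlements - <path to .app>` rather than from the constructed samples.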

comment:14 Changed 2 years ago by collegeitdept

Upping this *Security* enhancement request again

This is very important especially going forward as we're seeing more bad actors targeting Mac users and even Transmission itself

Sandboxing - limiting the scope of access to the users files - should have been implemented a few years ago

Please incorporate soon

PS... As I've predicted 5 years ago, Transmission *itself* has even become a target by hackers.
