

The Sandbox : banning LaTeX from the Mac App Store - steeleduncan
http://vallettaventures.com/post/20458410521/the-sandbox-banning-latex-from-the-mac-app-store

======
kochbeck
I haven't delved deeply into the problem they're describing here, but it seems
like I haven't really heard any very creative solutions to this.

For instance, can you still create a named pipe inside the sandbox that the
parent process can have the right to use? Write to it, then you could just
have a consumer that takes the output of that process and writes it to an
imposed directory structure in SQLite blobs in a data store that the parent
also owns. You'd lose some key functionality unless you chunked the data a
bit. And, you know, mmap() would be impossible to simulate, but nobody ever
promised a reliable implementation of that.

It confuses me, because I've seen a handful of these worries expressed, and it
seems like a bunch of traditional UNIX-y methods for dealing with these kinds
of problems are still open. I don't know what all the rules are, because I
haven't really seriously looked at it, but I can think of at least three old
UNIX tricks off the top of my head that probably solve this concern acceptably
for 80% of apps that have it - you could use named pipes; you could redirect
output to a third process like netcat that connects back to a handler process
via a domain socket and deals with it; the parent could open a shm segment and
maintain a DMA-like sweeper that takes blocks off, puts them into files it
owns, and keeps its own little virtual FS.

I know none of those is straight fopen(), but somebody would only have to
write it one time. Seems like a classic my-current-filesystem-is-mounted-ro
problem. That used to be a pretty everyday occurrence, and any old sys admin
has 100 workarounds for it.

And remember before you squawk about chunked byte streams being inserted into
blobs: there's 15 years of Oracle Video Server delivering PPV porn to the
hotelier masses that says it works fine.
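
The "named pipe plus a consumer that writes into SQLite blobs" idea above, as an added example (not code from the comment's author, and not part of any real App Store app): a sandboxed "tool" thread streams framed (path, chunk) records into a pipe, and a broker on the other end owns a SQLite-backed virtual filesystem. The wire format, the `normalize_path` policy and the sample records are all constructed here. The example goes one step beyond the comment on purpose: once the parent brokers writes on behalf of a sandboxed child, the parent is the security boundary, so it re-applies the path policy the sandbox used to enforce (relative paths only, no traversal above the virtual root) and drops records that violate it rather than trusting whatever the child asks for.

```python
"""Brokered-write pattern: sandboxed producer -> pipe -> broker -> SQLite blobs.

Constructed example; the record format and policy are assumptions, not any
real sandbox API.
"""
import os
import posixpath
import sqlite3
import struct
import threading


def normalize_path(requested: str) -> str:
    """Policy the broker enforces on every requested path.

    The broker, not the sandbox, now decides what lands on disk, so it must
    reject absolute paths and anything that escapes the virtual root.
    """
    if not requested or requested.startswith("/"):
        raise ValueError("absolute paths are not allowed: %r" % requested)
    norm = posixpath.normpath(requested)  # collapses "a/../b", "./x", "//"
    if norm in (".", "..") or norm.startswith("../"):
        raise ValueError("path escapes the virtual root: %r" % requested)
    return norm


class BlobStore:
    """Virtual filesystem kept as SQLite blobs, one row per file (broker-owned)."""

    def __init__(self, db_path: str = ":memory:") -> None:
        self.db = sqlite3.connect(db_path)
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS files (path TEXT PRIMARY KEY, data BLOB NOT NULL)"
        )

    def append(self, path: str, chunk: bytes) -> None:
        """Append a chunk to the file at `path`, creating it on first write."""
        row = self.db.execute("SELECT data FROM files WHERE path = ?", (path,)).fetchone()
        data = (bytes(row[0]) if row else b"") + chunk
        self.db.execute("INSERT OR REPLACE INTO files (path, data) VALUES (?, ?)", (path, data))
        self.db.commit()

    def read(self, path: str) -> bytes:
        row = self.db.execute("SELECT data FROM files WHERE path = ?", (path,)).fetchone()
        if row is None:
            raise FileNotFoundError(path)
        return bytes(row[0])

    def paths(self) -> list:
        return [r[0] for r in self.db.execute("SELECT path FROM files ORDER BY path")]


# Constructed wire format for one record: u32 path length, path, u32 chunk length, chunk.
def encode_record(path: str, chunk: bytes) -> bytes:
    p = path.encode("utf-8")
    return struct.pack(">I", len(p)) + p + struct.pack(">I", len(chunk)) + chunk


def _write_all(fd: int, data: bytes) -> None:
    while data:  # os.write may be partial for writes larger than PIPE_BUF
        n = os.write(fd, data)
        data = data[n:]


def _read_exact(fd: int, n: int, eof_ok: bool = False) -> bytes:
    """Read exactly n bytes; a clean EOF is only acceptable before a record starts."""
    buf = b""
    while len(buf) < n:
        part = os.read(fd, n - len(buf))
        if not part:
            if eof_ok and not buf:
                return b""
            raise EOFError("pipe closed mid-record")
        buf += part
    return buf


def run_broker(read_fd: int, store: BlobStore) -> tuple:
    """Drain the pipe until the writer closes it; returns (accepted, rejected) counts."""
    accepted = rejected = 0
    while True:
        header = _read_exact(read_fd, 4, eof_ok=True)
        if not header:
            break  # producer closed its end: end of stream
        (plen,) = struct.unpack(">I", header)
        path = _read_exact(read_fd, plen).decode("utf-8", "replace")
        (clen,) = struct.unpack(">I", _read_exact(read_fd, 4))
        chunk = _read_exact(read_fd, clen)
        try:
            store.append(normalize_path(path), chunk)
            accepted += 1
        except ValueError:
            rejected += 1  # policy violation: drop the record but keep draining
    return accepted, rejected


def demo() -> tuple:
    """Constructed run: a producer thread plays the sandboxed typesetter, the
    main thread is the broker. Returns (store, (accepted, rejected))."""
    store = BlobStore()
    read_fd, write_fd = os.pipe()
    records = [  # constructed sample output of a typesetting run
        ("paper.log", b"This is a constructed log line\n"),
        ("paper.aux", b"\\relax\n"),
        ("paper.log", b"Output written on paper.pdf\n"),  # second chunk appends
        ("../../outside.txt", b"should never land"),       # traversal: rejected
        ("/etc/hosts", b"nope"),                            # absolute path: rejected
    ]

    def producer():
        for path, chunk in records:
            _write_all(write_fd, encode_record(path, chunk))
        os.close(write_fd)

    t = threading.Thread(target=producer)
    t.start()
    result = run_broker(read_fd, store)
    t.join()
    os.close(read_fd)
    return store, result


if __name__ == "__main__":
    s, (ok, bad) = demo()
    print("accepted=%d rejected=%d files=%s" % (ok, bad, s.paths()))
```

The pipe here is anonymous rather than a named FIFO purely so the example runs without touching the filesystem; the broker logic is the same either way. What changes with this design is where the policy lives: the sandbox no longer sees the child's file writes at all, so every check you still want (path confinement, size limits, which extensions may be produced) has to be done in `run_broker`, and it is worth logging the rejected count in a real app since it is your only signal that the child asked for something it should not have.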

~~~
jawaddeo
I seriously doubt any such attempts to sidestep will succeed in a world where
the problem is not just technical (you may be able to fool the sandbox
enforcing system), but a matter of getting your app approved, not just once
but with every update, small or large.

The added complication is that in this case LaTeX itself decides to spawn a
few calls to various utilities it uses under the hood. Those attempts will
simply be blocked by the OS inside the sandbox. So you won't be able to
typeset successfully.

