
Blizzard Exempt from iOS and MacOS Security Sandbox - personjerry
https://twitter.com/i0n1c/status/738018742710460420
======
Aissen
Tweet has been deleted:
[https://twitter.com/i0n1c/status/738258436161449984](https://twitter.com/i0n1c/status/738258436161449984)

 _I deleted the tweet with the picture of the sandbox because people start
hyping it up without linking the clarification._

And the "clarification" tweet:
[https://twitter.com/i0n1c/status/738084828202053633](https://twitter.com/i0n1c/status/738084828202053633)

 _For those late to the party: the sandbox bypass exception for Blizzard only
affects the access() family of syscalls - probably harmless_

Edit: Original tweet screenshot
[http://imgur.com/c8RnYjo](http://imgur.com/c8RnYjo) (it's still in Google
cache… for now).

~~~
personjerry
I Google'd and here is one result, showing at least one theoretical security
vulnerability of access():
[http://stackoverflow.com/a/14333217/3650441](http://stackoverflow.com/a/14333217/3650441)

If an attacker knows what files Blizzard is calling access() on, they could
likely use this exploit and execute arbitrary code.

~~~
yoz-y
Could they though? The way I understand the answer is that the security hole
happens if a privileged user which manipulates files for an unprivileged user
calls access() and then open(). In this case Blizzard's application is an
unprivileged user, thus even if you manage to insert yourself between the
calls, you will only be able to make Blizzard's application execute code. The
application still runs in a sandbox so you will not get that far.
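
The access()-then-open() race the Stack Overflow answer describes, as an added C example that is not code from this thread, from Blizzard or from Apple: the first helper checks and then opens (two steps, one window), the second opens first and inspects what it actually got. The demo function, the temp paths and the want_uid parameter are assumptions for the illustration.

```c
#define _GNU_SOURCE            // for mkdtemp()/symlink() prototypes on glibc
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

// Racy pattern (CWE-367): the object access() checked can be replaced, e.g.
// by a symlink, before open() runs. Returns an fd or -1.
int open_after_access(const char *path) {
    if (access(path, R_OK) != 0) return -1;   // check ...
    return open(path, O_RDONLY);              // ... then use: two steps, one race
}

// Non-racy pattern: open first, refuse symlinks, then validate the object that
// was actually opened with fstat(). want_uid is the owner the caller expects
// (assumed: the unprivileged user the program acts for). Returns an fd or -1.
int open_then_verify(const char *path, uid_t want_uid) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;                    // ELOOP when path is a symlink
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != want_uid) {
        close(fd);
        errno = EACCES;
        return -1;
    }
    return fd;
}

// Constructed demonstration: a regular file plus a symlink standing in for the
// swap between the two calls. Returns 0 when the racy helper follows the link
// but the verifying helper refuses it; a nonzero value names the failed step.
int demo(void) {
    char dir[] = "/tmp/accdemo.XXXXXX", real[64], lnk[64];
    if (mkdtemp(dir) == NULL) return 1;
    snprintf(real, sizeof real, "%s/real.txt", dir);
    snprintf(lnk, sizeof lnk, "%s/swapped", dir);
    int fd = open(real, O_WRONLY | O_CREAT, 0600);
    if (fd < 0) return 2;
    close(fd);
    if (symlink(real, lnk) != 0) return 3;
    int racy = open_after_access(lnk);              // follows the symlink
    int safe = open_then_verify(lnk, getuid());     // refused: O_NOFOLLOW
    int direct = open_then_verify(real, getuid());  // plain file: accepted
    if (racy >= 0) close(racy);
    if (direct >= 0) close(direct);
    unlink(lnk); unlink(real); rmdir(dir);
    return (racy >= 0 && safe < 0 && direct >= 0) ? 0 : 4;
}
```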

------
chillacy
I recall a story of how the windows 95 team (or the like) was crazy dedicated
to backwards compatibility, so they had a check to see if the user was running
Roller Coaster Tycoon and if so, disabled virtual memory so the game would
run.

Though I'd like to know more details, like:

* Why does Blizzard need to run in the sandbox on Mac OS X? The app sandbox is opt-in (though required for App Store apps)

* Can anyone set their team ID to Blizzard's?

* Are Blizzard games attack vectors?

~~~
AimHere
Okay, nitpick time. Your story about the game is surely wrong. Rollercoaster
Tycoon was developed for Windows 95/98.

Perhaps you meant it's a later version of Windows, or the game's spiritual
predecessor, Theme Park, which ran in DOS.

~~~
brynedwards
Probably SimCity; there's a bit about Microsoft adding a workaround for a bug
in the game in this article:
[http://www.joelonsoftware.com/articles/fog0000000054.html](http://www.joelonsoftware.com/articles/fog0000000054.html)

Edit: Maybe not this, since it's unrelated to virtual memory, but it's along the
same lines, going to some lengths to keep software compatible.

~~~
chillacy
You're right, that's the story I was thinking of. I didn't remember all the
details though; I guess I knew some old version of Windows, some simulation
game, and something involving memory. Turns out the actual details got mixed
up in my head!

------
pcwalton
There are a lot of checks for specific apps in the Cocoa framework. It's
pretty much what the undocumented CFExecutableLinkedOnOrAfter() is for
(sometimes called in conjunction with a check for a specific bundle name).

~~~
afandian
Do you have examples?

~~~
Kallikrates
One example is Popover controls on iPhone.
[http://marksands.github.io/2014/05/27/how-apple-cheats.html](http://marksands.github.io/2014/05/27/how-apple-cheats.html)

------
BakaRakuda
Nobody saw this yet?

[https://mobile.twitter.com/gruber/status/738149554978070529](https://mobile.twitter.com/gruber/status/738149554978070529)

Turns out a complete non-story.

~~~
coldtea
Non-story? This just confirms that Blizzard indeed got an exception.

The reason doesn't make it a "non-story" in any way.

Nobody sane expected the reason to be anything besides something like that
(e.g. some evil root access plan) -- and it's still a story.

~~~
BakaRakuda
Yes, non-story; read through the tweets and links in the link I posted.

The "story" here was that Apple was being irresponsible by giving Blizzard an
exception to the sandbox.

In actuality it's little more than a shim to make a buggy Blizzard updater not
crash by thinking it could do something it couldn't.

------
coldcode
When I worked at Apple before Steve came back there were tons of checks in
MacOS for particular versions of apps, especially for Microsoft Word and
Excel, working around their buggy behavior (or their workarounds for Apple's
buggy behavior, a vicious cycle). While I have no idea if this person knows
anything, it would not be surprising.

~~~
coldpie
Yeah. We port Windows applications to Mac at work. A couple years ago when
Apple switched on a more stringent code signing requirement, we found many of
our ports worked without the updated code signing, while some others would
warn about an invalid signature. It was clear there was some internal
whitelist for old, known signatures which had picked up many, but not all, of
our ports. User friendly, I guess, but pretty ugly.

~~~
rarepostinlurkr
What's the alternative, users wait for some porting house to finally get
around to releasing an update to be compatible? Oh, you don't have it in your
contract to do that work, and the parent company isn't keen to pay you to do
it, sorry users.

Maybe your update is now a paid update, so people can either pony up, or not
upgrade, or abandon your software. Hello CS6. Was your latest update $10k?
*major enterprise developer thanks you for the multi million dollar windfall
your OS update gave them by forcing all their deploys to pay for a
compatibility update, caused by "you".

Being a major platform developer is full of hard decisions balancing user
experience and security, performance and future looking direction. It's not a
problem most developers have to concern themselves with in your average app.

------
mikeash
Horribly misleading title here. Blizzard is exempt from _one tiny piece_ of
the sandbox, namely the sandboxing around access(). Which is nearly
irrelevant.

~~~
protomyth
Why does Blizzard need an exception while the rest of us have to deal with it
as is? Exceptions to rules mean the rules are broken.

~~~
mikeash
I have no idea, why are you asking me?

~~~
protomyth
Figuring you know the what, so maybe you know the why. You often know more than
most.

[edit: why the heck are people voting mikeash down, legitimate question after
all in tone and spirit]

~~~
mikeash
I'd speculate that access() was inadvertently left open before, Apple
subsequently sandboxed it, this broke Blizzard, and Apple put in an exemption
for them to avoid breaking millions of people's games.

But that's a complete guess.

------
sprayk
Hearthstone is used for competitive play on iOS devices regularly. Would this
exemption let them employ some anti-cheating functionality?

------
unlinker
This guy published an app that did jailbreak detection and some other stuff on
the App Store, it was taken down, and has been rambling since then in a very
very childish way about stuff like this:
[https://twitter.com/i0n1c/status/738286205708738560](https://twitter.com/i0n1c/status/738286205708738560)

Truth is, he knew what was going to happen, so this looks just like another
excuse to rant.

~~~
Longhanks
He is known in the jailbreak scene as someone who cannot stay serious - he's
always involved in some kind of drama.

If I recall correctly, the pangu dev team attended some of his sessions about
iOS hacking and used this knowledge to create a publicly available jailbreak
tool. He then started to rant about how they "stole" his technologies on
twitter (see for example
[https://twitter.com/i0n1c/status/481020166483238912](https://twitter.com/i0n1c/status/481020166483238912)).

More about his childish public behavior related to the jailbreak scene can be
read here: [http://www.iclarified.com/41983/pangu-jailbreak-stops-using-...](http://www.iclarified.com/41983/pangu-jailbreak-stops-using-i0n1c-bug-burns-another-exploit)

~~~
atomic_lock
The problem at the time was that they had used _his_ bug that he gave away
only for training purposes to the people attending his class.

After the first release, pangu replaced his bug with one of theirs (and both
bugs were fixed by Apple in a subsequent iOS release.) He probably had to
spend some time finding a new bug to use in his classes, so it's understandable
to be pissed.

~~~
Jtsummers
How do you own a bug? Was the bug something in iOS? Wouldn't that be _Apple's_
bug?

A sibling post said they took his code. That's a fair complaint; was it clear
when they saw it that it was not code that they could reuse?

~~~
stevehawk
Actually, I believe that's the next (or current) big debate in software due to
privacy/search warrants/recent FBI vs Apple iPhone unlock debacle.

