how can I run a sandboxed OS X app without sandboxing?

Asked 20/2, 2012 at 17:47 Answered 22/2, 2012 at 6:4

Solved macos cocoa mac-app-store appstore-sandbox

I have an app which runs using sandboxing. How can I run it without sandboxing? Suppose I can't just recompile the app with sandboxing off.

Finally answered 20/2, 2012 at 17:47 Comment(0)

This works:

$ ditto MySandboxedApp.app MySandboxedApp.backup.app
$ codesign -f -s- MySandboxedApp.app

Note the extra minus in "-s-".

Finally answered 22/2, 2012 at 6:4 Comment(0)

There are many ways that all do conceptually the same thing - make sandbox_init a no-op. For example you can use gdb for this, set breakpoint on sandbox_init and return from the function right away. Or you could preload a library containing an empty sandbox_init with DYLD_FORCE_FLAT_NAMESPACE=1 DYLD_INSERT_LIBRARIES=foo.dylib where foo.dylib just contains int sandbox_init() { return 0; }.

Note that sandboxing is voluntary and if you run an app outside a sandbox as designed you're making your system more vulnerable.

Thylacine answered 21/2, 2012 at 2:37 Comment(2)

I tried putting a breakpoint on sandbox_init and it wasn't hit. Thoughts? – Finally 22/2, 2012 at 5:38

I guess we are talking about different things then - I was talking about explicit sandboxing (see man sandbox) as used by OS X, but I suppose you're talking about the app store sandboxing which anentirely different specification. – Thylacine 22/2, 2012 at 11:40

Recommended topics

Hot tags