Why does an old OS 9 Installer, for example Cyberdog, have the power to kill OS X applications? I don't understand why it affects OS X and that was quite a surprise to me yesterday, is this fixed in Panther? Ack and CyberDog wouldn't even run in Classic
Comments
Originally posted by Aquatic
Why does an old OS 9 Installer, for example Cyberdog, have the power to kill OS X applications? I don't understand why it affects OS X and that was quite a surprise to me yesterday, is this fixed in Panther? Ack and CyberDog wouldn't even run in Classic
really, I could get cyberdog to run in classic.
P.s. Cyberdog is recognized by Mac OS X's spellchecker! Wow!
Originally posted by DMBand0026
OS 9 installers always ran as root, as did everything in OS 9. Now in OS X some things run at the system or user level. Installers however still run as root, giving them the power to change everything they want.
If this is true, then it is a serious security hole in OS X with Classic running. I remember not long time ago, that a Classic Netscape vulnerability has been identified and the only solution was to not run Netscape in Classic.
Originally posted by PB
If this is true, then it is a serious security hole in OS X with Classic running. I remember not long time ago, that a Classic Netscape vulnerability has been identified and the only solution was to not run Netscape in Classic.
I think that's NOT true but I'm not sure.
It's up to the target app if it complies or not. Any decent app will at least pop up a dialog box if there are unsaved changes.
Amorya
Originally posted by Aquatic
What if it's an app like Carracho Server where it is critical that it stay up yet doesn't have "changes" it will prompt to save? This just seems like a major Classic flaw. Classic is always listed on the What's New in OS X updates but this would be a nice hole to see plugged. It has no reason to affect OS X apps. For that matter I never saw why it even affected other OS 9 apps.
It's not a classic flaw. It's the application installer telling other applications to quit. There's nothing classic can do about that.
Originally posted by Aquatic
Yes there is. Why should it affect OS X?
The installer tells all apps to quit. I'm not sure what you're calling a flaw. That's how it's *supposed* to work. It's got nothing to do with classic being at fault.
Originally posted by Amorya
Any app can tell any other app to quit. (Including OSX apps.)
Telling other apps to quit is one thing, acting as root without enabled root account or asking for password is another. This anonther is what worries me (Windows-level insecurity). Is this true for the Classic environment, as DMBand0026 seems to indicate, or not? Could anyone enlighten us?
Originally posted by Aquatic
Yes there is. Why should it affect OS X?
I agree, and can see no good reason why carbon/cocoa apps should be affected. I mean, if you can restart the entire classic envionrment without even touching your OS X apps... then, what gives??
I recall reading that OS X and Classic communicate through high-level system events, including AppleScript. My guess: there's an 'ask all apps to quit' event generated by the installer, which simply gets fowarded on to (and interpreted literally by) OS X's application environment.
Originally posted by PB
Is this true for the Classic environment, as DMBand0026 seems to indicate, or not? Could anyone enlighten us?
Yes, it's true.
It's necessary because classic apps don't expect there to be any restrictions on the system. Classic was made for compatibility. If every app had to be rewritten to cope with the extra security, then Classic would not be doing its job.
Amorya
Originally posted by Amorya
Classic was made for compatibility. If every app had to be rewritten to cope with the extra security, then Classic would not be doing its job.
Yes, but what aspects of 'compatibility' or 'extra security' would demand the termination of apps running in a completely separate environment?
This is a feature.
If you have an uptime-critical application (somehow I'm thinking of something other than Carracho Server
When people need servers to run reliably, they install everything they need to before taking them online, configure them to be as lean as possible, lock them down, and then let them run undisturbed.