{"id":14698,"date":"2016-06-02T11:15:31","date_gmt":"2016-06-02T15:15:31","guid":{"rendered":"http:\/\/mjtsai.com\/blog\/?p=14698"},"modified":"2016-06-02T11:16:15","modified_gmt":"2016-06-02T15:16:15","slug":"sandbox-workaround-for-blizzard-apps","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2016\/06\/02\/sandbox-workaround-for-blizzard-apps\/","title":{"rendered":"Sandbox Workaround for Blizzard Apps"},"content":{"rendered":"<p><a href=\"https:\/\/twitter.com\/i0n1c\/status\/738018742710460420\">Stefan Esser<\/a> posted a <a href=\"https:\/\/pbs.twimg.com\/media\/Cj34HzRWkAAcAME.jpg\">screenshot of code<\/a> where it looks like Apple&rsquo;s OSes skip a sandbox check if the code is running under Blizzard&rsquo;s team identifier. <a href=\"https:\/\/twitter.com\/i0n1c\/status\/738036161441042432\">Stefan<\/a> <a href=\"https:\/\/twitter.com\/i0n1c\/status\/738040366545444864\">Esser<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/i0n1c\/status\/738036161441042432\"><p>I wonder why the iOS sandbox omits certain sandbox checks if code is signed by Blizzard Entertainment Inc.<\/p><\/blockquote>\n<blockquote cite=\"https:\/\/twitter.com\/i0n1c\/status\/738040366545444864\"><p>It looks like if you are signed by blizzard you can execute whatever executables you find on an iOS device.<\/p><\/blockquote>\n<blockquote cite=\"https:\/\/twitter.com\/i0n1c\/status\/738036161441042432\"><p>Luckily we all know that Blizzard Games never have remote vulnerabilities :-)<\/p><\/blockquote>\n<p>This struck people as <a href=\"https:\/\/twitter.com\/gruber\/status\/738074497979453440\">dangerous<\/a> <a href=\"https:\/\/twitter.com\/petermaurer\/status\/738086963048284163\">and<\/a> <a href=\"https:\/\/twitter.com\/petermaurer\/status\/738090006783373312\">unfair<\/a>, which perhaps speaks to how much faith developers have in Apple fairly enforcing its own rules. However, it turns out that it&rsquo;s not actually a sandbox exception but rather a <a href=\"https:\/\/twitter.com\/gruber\/status\/738149554978070529\">workaround<\/a> for a crashing bug.<\/p>\n<p><a href=\"https:\/\/twitter.com\/hey_pom\/status\/738065481320386560\">POM<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/hey_pom\/status\/738065481320386560\"><p>This path is for the <code>access()<\/code> call, not for the actual enforcement.<\/p><\/blockquote>\n<blockquote cite=\"https:\/\/twitter.com\/hey_pom\/status\/738072669346631680\"><p>But it doesn&rsquo;t mean they can execute, it means we make them believe they could.<\/p><\/blockquote>\n<p><a href=\"https:\/\/storify.com\/gruber\/blizzard-exemption-to-ios-and-macos-sandbox\">John Gruber<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/gruber\/status\/738149554978070529\"><p>Practically speaking, all sandboxing rules still apply to Blizzard apps; workaround doesn&rsquo;t allow operations that other apps can&rsquo;t do too.<\/p><\/blockquote>\n<blockquote cite=\"https:\/\/twitter.com\/gruber\/status\/738150210853965825\"><p>And Blizzard has fixed their updater, so the workaround shouldn&rsquo;t be needed in next update.<\/p><\/blockquote>\n<blockquote cite=\"https:\/\/twitter.com\/gruber\/status\/738150578497323008\"><p>My takeaway is that Apple will go to extraordinary lengths to avoid crashers in super-popular apps, even when it&rsquo;s entirely the app&rsquo;s fault.<\/p><\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Stefan Esser posted a screenshot of code where it looks like Apple&rsquo;s OSes skip a sandbox check if the code is running under Blizzard&rsquo;s team identifier. Stefan Esser: I wonder why the iOS sandbox omits certain sandbox checks if code is signed by Blizzard Entertainment Inc. It looks like if you are signed by blizzard [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"","apple_news_api_id":"","apple_news_api_modified_at":"","apple_news_api_revision":"","apple_news_api_share_url":"","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[1390,131,31,1137,26,30,32,1199,53],"class_list":["post-14698","post","type-post","status-publish","format-standard","hentry","category-technology","tag-blizzard","tag-bug","tag-ios","tag-ios-9","tag-iosapp","tag-mac","tag-macapp","tag-mac-os-x-10-11","tag-sandboxing"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/14698","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=14698"}],"version-history":[{"count":2,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/14698\/revisions"}],"predecessor-version":[{"id":14701,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/14698\/revisions\/14701"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=14698"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=14698"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=14698"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}