discuss-gnustep

Re: Use of GSAppKitUserBundles/Camaelon issues with Gorm


From: Alexander Malmberg
Subject: Re: Use of GSAppKitUserBundles/Camaelon issues with Gorm
Date: Thu, 01 Jan 2004 14:46:07 +0100

Gregory John Casamento wrote:
> All,
> 
> I am writing this email to caution anyone using Camaelon that, since Camaelon
> uses poseAs: on some classes that it may cause problems with Gorm encoding
> since it, in using poseAs:, replaces some of the classes in the Objective-C
> runtime. There is nothing that Gorm can do to detect this, so far as I know.
> 
> The above is just one example of the kinds of problems that can be caused. I
> am also concerned about malicious use of this default to insert code into an
> application.

In order to do that, an attacker would have to be able to read and write
your defaults. If that's the case, you've lost already.

> I propose a simplistic solution:
> 
> A call-back, or a notification, or something that tells the application that
> it's about to load a bunch of bundles and allows that application to make a
> decision, at that point, to either allow or disallow the loading of the
> bundles.

The GSAppKitUserBundles mechanism (I assume this is the one you're
talking about) is there specifically to give users an easy, standard way
of loading arbitrary bundles into arbitrary apps. Giving apps a way of
overriding it defeats its purpose, and would be the wrong thing to do.

Apps have no business trying to prevent a user from adding bundles to
it. OTOH, users have no business expecting support when they do
non-supported things, and you're free to only support standard
configurations (or none at all). :)

Is there a Camaelon page? It'd probably be a good idea to mention
that it shouldn't be used with Gorm on that page, and give instructions
for disabling it in Gorm; I think a simple "defaults write Gorm
GSAppKitUserBundles ''" would be enough.

- Alexander Malmberg
