(applehelpwriter.com)

1037 points 8bitben | 1 comments | 09 Sep 16 15:52 UTC | HN request time: 0s | source

Show context

tomku ◴[09 Sep 16 16:25 UTC] No.12463685[source]▶

Non-clickbait title: "How Dropbox uses the root access that you give it during installation to give itself Accessibility authorization without triggering the usual popup".

replies(7): >>12463788 #>>12463995 #>>12464020 #>>12464453 #>>12464504 #>>12466157 #>>12468163 #

hyh1048576 ◴[09 Sep 16 16:35 UTC] No.12463788[source]▶

>>12463685 #

Great summary. But it's still some kind of hack.

If every app I installed did this then my mac is closer to getting hacked.

Anyway, Apps that asks for root password on installation always makes me cringe, e.g. they could turn on SSH and put a pubkey into authorized_keys, or they could upload SSH identity files. But I still proceed to enter my password.

replies(2): >>12463814 #>>12463870 #

gruez ◴[09 Sep 16 16:38 UTC] No.12463814[source]▶

>>12463788 #

How's that any different compared to Linux? AFAIK apt packages can run arbitrary scripts as root.

replies(4): >>12463950 #>>12463964 #>>12463969 #>>12464438 #

1. amenod ◴[09 Sep 16 16:52 UTC] No.12463969[source]▶

>>12463814 #

There's a world of difference, as long as you are using only default repositories (which you should). Apt itself is root, of course, but it is (or should be) trustworthy. All other apps never see root access unless they need it - and if it is needed, then the package maintainer has checked the package to make sure it only uses root when necessary. Kind of like Apple checking apps on AppStore.

↑

How Dropbox Hacks Your Mac