Cocoa Programming for OS X: The Big Nerd Ranch Guide
by Aaron Hillegass, Adam Preble, Nate Chandler
App Sandbox
In the old days, an application had all the same rights as the user running it. If you trust all your applications, this sounds fine. However, most users do not have the luxury of running only apps they trust, and, more important, no user can run only bug-free applications. The unpleasant truth is that even a trustworthy application can have an innocent bug that causes damage to a system or allows an attacker access to the user’s system. The app sandbox is a big step toward mitigating this problem.
Sandboxing is a security method that constrains the means by which an application can interact with the system (filesystem, network). Apple has required sandboxing of all apps on iOS since the very first third-party apps were ...