App launched from sandboxed app is not sandboxed. Security flaw?

I have a very simple macOS app, built with the latest Swift and the latest Xcode. It is sandboxed, and only launches another app (from the App Store, with its own code signing).

I have placed this other app in my launcher's app bundle, and launch it with NSWorkspace.shared.openApplication.

My issue is that while the launcher app itself is sandboxed, its restrictions are not applied to the launched app. The launched app is sandboxed (it was sandboxed by the original developer), but has wider permissions.

It seems like either a security flaw or I am misunderstanding something. Can anyone shed light on this? Thanks!

Replies

The physical location of the app isn't relevant. When you launch it with NSWorkspace, it is launched as if the user double-clicked on it. If you really wanted to be a stickler, you could consider that a security flaw. After all, your App Store app could just copy a dangerous command to the clipboard, launch Terminal, and tell the user to paste and press return. But the user still has to follow those instructions. But sometimes this can be useful. Your sandboxed app could call an unsandboxed Apple app and collect information that it normally wouldn't have access to. We just have to trust that Apple has checked all of its own software to ensure there are no possible exploits. As far as I can tell, Apple has been very thorough in this regard.
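An added illustration of the behaviour discussed in this thread (editor's example, not code from the original poster or the reply): the launcher checks its own sandbox status and then opens a nested app through NSWorkspace, which goes through Launch Services exactly as a double-click would, so the child's sandbox comes from the child's own entitlements. The nested app's name and its location under Contents/Helpers are assumptions; the post does not say where it was placed.

```swift
import AppKit
import Foundation

/// Assumed location of the nested app inside the launcher's bundle.
/// (Hypothetical: the original post only says it is "in my launcher's app bundle".)
let nestedAppURL = Bundle.main.bundleURL
    .appendingPathComponent("Contents/Helpers/Nested.app")

/// True when *this* process runs under the App Sandbox. The sandbox exports
/// APP_SANDBOX_CONTAINER_ID into the environment of a sandboxed process.
/// A launched app answers this for itself, based on its own code signature and
/// entitlements; nothing about the launcher's sandbox is inherited.
func isCurrentProcessSandboxed() -> Bool {
    return ProcessInfo.processInfo.environment["APP_SANDBOX_CONTAINER_ID"] != nil
}

/// Open the nested app via Launch Services. Equivalent to the user
/// double-clicking it in Finder: the launcher's container, file-access and
/// network restrictions do not carry over to the child.
func launchNestedApp(completion: @escaping (Result<pid_t, Error>) -> Void) {
    guard FileManager.default.fileExists(atPath: nestedAppURL.path) else {
        completion(.failure(CocoaError(.fileNoSuchFile)))
        return
    }
    let config = NSWorkspace.OpenConfiguration()
    config.activates = true
    NSWorkspace.shared.openApplication(at: nestedAppURL, configuration: config) { app, error in
        if let error = error {
            completion(.failure(error))
        } else if let app = app {
            completion(.success(app.processIdentifier))
        }
    }
}

/// Call this from the launcher's app code (e.g. applicationDidFinishLaunching);
/// the completion handler is asynchronous and will not fire in a script that exits.
func launchAndReport() {
    print("launcher sandboxed: \(isCurrentProcessSandboxed())")
    launchNestedApp { result in
        switch result {
        case .success(let pid):
            // Whether this pid is sandboxed is decided by Nested.app's own
            // entitlements, which is why it can have wider permissions.
            print("launched nested app, pid \(pid)")
        case .failure(let error):
            print("launch failed: \(error)")
        }
    }
}
```

To see what the child will actually be granted before shipping it, inspect its own entitlements rather than the launcher's, e.g. `codesign -d --entitlements :- Nested.app` and look for `com.apple.security.app-sandbox` and any file or network keys it declares.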