undefined | Better HN

0 pointsquotemstr9mo ago0 comments

> By default, folders like ~/Documents are not accessible by any process until you explicitly grant acces

And in a terminal, the principal to which you grant access to a directory is your terminal emulator, not the program you're trying to run. That's bonkers and encourages people to just click "yes" without thinking. And once you're authorized your terminal to access documents once, everything you run in it gets that access.

The desktop security picture is improving, slowly and haltingly, for end-user apps, but we haven't even begun to attempt to properly sandbox development workflows.

0 comments

chatmasta9mo ago

Yeah, it does say “Do you want to grant Terminal.app access to ~/Documents?”

I agree this should be more granular to the actual process/binary attempting the access. Or at least there should be an option like on iOS, to grant access but “just this once.” That way you know it’s the program you just ran, but you aren’t granting access to any program you execute in the terminal in perpetuity.

But I’ve yet to grant it since I treat that prompt as an indication I should move the files I’m trying to access into a different directory.

j / k navigate · click thread line to collapse

0 comments

chatmasta9mo ago

Yeah, it does say “Do you want to grant Terminal.app access to ~/Documents?”

But I’ve yet to grant it since I treat that prompt as an indication I should move the files I’m trying to access into a different directory.

j / k navigate · click thread line to collapse