Closed Bug 464333 Opened 16 years ago Closed 16 years ago

Quarantine setting ignores com.apple.DownloadAssessment.plist?

Categories

(Camino Graveyard :: OS Integration, enhancement)

Product:
Camino Graveyard
Component:
OS Integration
Platform:
All
macOS
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: resuna, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.14) Gecko/20080512 Netscape/9.0
Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.14) Gecko/20080512 Netscape/9.0

When setting the com.apple.quarantine attribute on a file, you need to honor the settings in com.apple.DownloadAssessment.plist.

See http://pseudogreen.org/blog/yes_leopard_i_want_to_open_it_already.html for information on disabling the quarantine, see my comments in http://systemsboy.com/2008/10/spotlight-sort-options.html for why this is desirable.

Reproducible: Always

Steps to Reproduce:
1.Add entry from http://pseudogreen.org/blog/yes_leopard_i_want_to_open_it_already.html to com.apple.DownloadAssessment.plist
2.Restart (or quit Finder and Camino)
3.Download a Zip file in Camino
4.Use "xattr -l" to examine the file attributes.
Actual Results:  
At the end, see:

com.apple.quarantine: 0000;4919b2df;Camino.app;B2C947EB-B33E-4985-A2C9-3FA84EC0BD75|org.mozilla.camino

Expected Results:  
No com.apple.quarantine entry or one set to Neutral.

Regardless of opinions about the desirability or not of this feature of Leopard, it should be honored by Camino.

This appears to have originated in the fix for Bug 407215
Camino version is "Version 1.6.4 (1.8.1.17 2008091513)", the User-Agent above was required to convince a time-card application to believe in my browser.
(In reply to comment #1)
> Camino version is "Version 1.6.4 (1.8.1.17 2008091513)", the User-Agent above
> was required to convince a time-card application to believe in my browser.

If you've got a URL for that, please file a separate TE bug on it (and CC me).
Severity: normal → enhancement
Component: Security → OS Integration
QA Contact: camino → os.integration
Hardware: Macintosh → All
(In reply to comment #0)
> When setting the com.apple.quarantine attribute on a file, you need to honor
> the settings in com.apple.DownloadAssessment.plist.

No we don't. This isn't part of any public description of the quarantine system, it's just something that some people reverse-engineered, and sounds from the description like a hold-over from Safari's 10.4 system that predates quarantine. Having every third-party application hand-roll support for an undocumented file whose future we don't know is not a good solution to your problem.

We quarantine all files that we download, which is the way the feature is supposed to work as described to us at the time it was introduced, and the OS makes a determination as to which can be launched without showing a dialog. What you want is for LaunchServices to support com.apple.DownloadAssessment.plist or something like it and factor that into its decision at launch time, for which you need to file a bug with Apple.
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → WONTFIX
In reply to comment #2: since you don't have access to our intranet, it wouldn't help.

In reply to comment #3: If you're going to ignore the DownloadAssessment file, then you need to add an option to disable quarantining by Camino, because Apple's quarantine mechanism is a bad idea whose main result will be to train Mac users to approve all security dialogs, just as it has been for Windows users over the past decade.
(In reply to comment #4)
> If you're going to ignore the DownloadAssessment file

We aren't "ignoring" the file, we're just not reverse-engineering a file that's not part of the quarantine API and using it for our own purposes. There is a difference, and framing it as if it were some deficiency in our quarantine implementation isn't going to change the reality of the situation.

By the same logic we also "ignore" the tab preferences in com.apple.safari.plist, but saying it that way doesn't make that a bug either.

> then you need to add an option to disable quarantining by Camino

Feel free to alter Camino's Info.plist file on your own machine.
(In reply to comment #4)
> In reply to comment #2: since you don't have access to our intranet, it
> wouldn't help.

If it's a third-party Web app that's the problem, file a TE bug against the app itself and we'll find a URL later.

If it's something you guys have developed in-house, well, file the bug and assign it to yourself, since no one is in a better position to get something fixed than you would be :)
Re: #5... can you elaborate on that? What does Camino's Info.plist have to do with whether Camino puts Quarantine attributes on files downloaded by Camino? If there's a way to disable Apple's daft dialogs by modifying Camino's Info.plist (or, for that matter, about:config or user.js), that would be fine.

Re: #6... I wasn't complaining, I was just explaining why my reported user-agent didn't match reality. Sorry for the confusion. I know you have nothing to do with the messed up web app, there's nothing Camino can do about them having broken user-agent testing, and I've already filed a bug report with those guys long since.
Never mind; I forgot that Apple opts Camino in to the quarantine system regardless of what our plist says. Looks like you'd have to either make a custom build that manually removes quarantine attributes or take a folder-action-based approach if bypassing the quarantine system is important to you.
Where does Apple "opt Camino in to the Quarantine system"? I thought you were explicitly adding this attribute yourself.
If you want to have a general discussion about the quarantine system, please take it to the mailing list or forum; it's not within the scope of this bug, so bugzilla is not the right place for it.
I'm not trying to have a general discussion on the quarantine system.

In Bug 407215 there is a reference to "nsDownloadListener::QuarantineDownload()" which appears to be where Camino is adding the attribute.

In Comment #8 you wrote that "Apple opts Camino in to the quarantine system".

Am I misunderstanding the comments in Bug 407215, or your Comment #8?
You are misunderstanding bug 407215. Apple opted Camino into quarantine; we just improved user experience by adding information.

But that is not relevant to this bug, which is a WONTFIXed request to change quarantine behavior based on the contents of com.appleDownloadAssesment.plist, so again, please take any more general follow up discussion elsewhere.
Apologies, then, I will make an appropriate enhancement request.
You need to log in before you can comment on or make changes to this bug.