Comments for An Experiment in Bloggery

Comment on 1Password extension loading in Snow Leopard by kev

kev — Wed, 23 Sep 2009 21:54:16 +0000

Ah – Now I know why TinkerTool System flagged 1Password!

Comment on 1Password extension loading in Snow Leopard by JulesLt

JulesLt — Tue, 22 Sep 2009 06:44:26 +0000

I can see Apple closing this one too, given the reasons why Input Managers have been deprecated.

What they really should do is give us a secure equivalent – that prompts us when a code injection is attempted, but let’s us allow it (and perhaps always allows it for a signed bundle).

Comment on 1Password extension loading in Snow Leopard by links for 2009-09-21 (Jarrett House North)

links for 2009-09-21 (Jarrett House North) — Tue, 22 Sep 2009 02:02:26 +0000

[...] An Experiment in Bloggery Â» 1Password extension loading in Snow Leopard Using scripting additions to inject 32 bit Safari plugin code into the 64 bit Safari process. Code injection as a feature raises my eyebrows a little, but I suppose this is no different from any plugin. (tags: macosx safari applescript snowleopard) [...]

Comment on 1Password extension loading in Snow Leopard by foljs

foljs — Mon, 21 Sep 2009 22:59:13 +0000

Why input Manager mechanism has been eliminated ? I preferred the old Leopar. More secure ..

Errr, Input Manager got eliminated because it WAS NOT SECURE.

Actually, it was less secure than the system described here.

Comment on 1Password extension loading in Snow Leopard by How 1Password Injects Code Into 64-Bit Safari on Snow Leopard «

How 1Password Injects Code Into 64-Bit Safari on Snow Leopard « — Mon, 21 Sep 2009 22:01:24 +0000

[...] Original source : http://kevin.sb.org/2009/09/02/1password-extension… [...]

Comment on 1Password extension loading in Snow Leopard by Frank Reiff

Frank Reiff — Mon, 21 Sep 2009 20:25:17 +0000

Does this always work or can applications block this injection somehow?

Comment on 1Password extension loading in Snow Leopard by Kevin Ballard

Kevin Ballard — Mon, 21 Sep 2009 17:46:06 +0000

Dave: It’s no more open than any other old injection mechanism (Input Managers or any of the systems built on top of it, such as SIMBL). And I didn’t do any testing, so the 1Password scripting addition may do additional verification on the bundle before loading it.

Comment on 1Password extension loading in Snow Leopard by Dave

Dave — Mon, 21 Sep 2009 16:00:53 +0000

I hope 1Password’s implementation isn’t rally that generic where you can load an arbitrary bundle into an arbitrary process just by sending it a ONEP/Load Apple Event. That’s a rather large security hole being introduced if it’s not somehow limited in scope or protected against malicious use.

Comment on 1Password extension loading in Snow Leopard by Aarsvold

Aarsvold — Sat, 12 Sep 2009 00:18:52 +0000

Nice detective work.

Shame that the 1Password folks have to jump through so many hooks to get this working. 1Password is an indispensable add-on for me (and I imagine a lot of other Mac users too). I'd rather switch browsers (ouch) than NOT use 1Password these days….

Comment on 1Password extension loading in Snow Leopard by marcofono

marcofono — Fri, 11 Sep 2009 13:11:16 +0000

Why input Manager mechanism has been eliminated ? I preferred the old Leopar. More secure ..