MacUser
News, info, and opinion by Mac users, for Mac users.

InputManagers still live in Leopard

Posted by Derik DeLong | Wednesday, October 31, 2007 5:25 AM PT

It’s Halloween and that means I’ll tell you a tale of fright. Gather round the campfire, kids, as I shine this flashlight at my face in a spooky way. There were once these things called InputManagers. They were powerful pieces of software that could do wonderful or dangerous things. Browsers were enhanced to usable states.

But then InputManagers were pronounced dead. Dead and buried.

One more tip we got regarding Leopard is that InputManager plugins are no longer allowed. That’s right… no more little hacks from anybody besides Apple. No more Apple menu hacks. No more Safari plugins.

You’d think the story ended there… Boo! InputManagers are alive and well (even SIMBL, the Safari plugin handler, is back). The rules have just changed a little bit.

  1. The valid installation is now restricted to the /Library/InputManagers folder only. Bundles in other locations are silently ignored.
  2. All the files in the bundle and /Library/InputManagers folder itself must be owned by the root user and admin group. No files inside the bundle can have group or other write permissions.
  3. Processes running with the root privilege (getuid() == 0 or geteuid() == 0) cannot load any bundle input manager.
  4. Processes running with the wheel group privilege cannot load any bundle input manager.
  5. The process must be in the active workspace session at the time of loading the bundles.
  6. The process must not be tainted by changing user or group id (checked by issetugid()).
  7. No 64-bit processes can load any bundle input managers.
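An added example, not from the original post or from Apple: a Python audit of rules 1 and 2 above that reports anything under /Library/InputManagers not owned by root and admin, or writable by group or other. The function name is hypothetical, and it assumes admin is gid 80 (the stock macOS value) and that symlink mode bits can be skipped.

```python
import os
import stat

ROOT_UID = 0
ADMIN_GID = 80  # assumption: gid of "admin" on a stock macOS install


def audit_input_managers(root="/Library/InputManagers",
                         owner_uid=ROOT_UID, group_gid=ADMIN_GID):
    """Return (path, problem) pairs for entries that break rule 2."""
    findings = []
    if not os.path.isdir(root):
        return findings  # rule 1: bundles anywhere else are ignored anyway

    def check(path):
        st = os.lstat(path)  # lstat: judge a symlink itself, not its target
        if st.st_uid != owner_uid:
            findings.append((path, "owner uid %d, expected %d"
                             % (st.st_uid, owner_uid)))
        if st.st_gid != group_gid:
            findings.append((path, "group gid %d, expected %d"
                             % (st.st_gid, group_gid)))
        # Assumption: mode bits on a symlink are not meaningful, so skip them.
        writable = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
        if writable and not stat.S_ISLNK(st.st_mode):
            findings.append((path, "group/other writable, mode %o"
                             % stat.S_IMODE(st.st_mode)))

    check(root)  # rule 2 covers the folder itself as well as its contents
    for dirpath, dirnames, filenames in os.walk(root):
        for name in sorted(dirnames + filenames):
            check(os.path.join(dirpath, name))
    return findings


if __name__ == "__main__":
    for path, problem in audit_input_managers():
        print("%s: %s" % (path, problem))
```

An empty result means the folder meets the ownership and permission rule; it says nothing about rules 3 to 7, which depend on the loading process rather than the files.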

The upshot is that Apple took a long, hard look at security related to InputManagers. More recently, critics of InputManagers have pointed to a lack of security as the main issue with them. The ease with which InputManagers were once installed spooked me, and I don’t panic easily. They now require admin privileges and permission. It’s a fair compromise to keep such a powerful API.
