Leopard Axing Input Managers?

FYI, On build 9A410 the dialog box has been changed to

Input Managers are effectively a drag-and-drop means of something that's only marginally more difficult to do another way (and even then it's trivial, especially if you're in the game of producing malware). Mac OS X's dynamic linker, just like most Unix/Unix-like operating systems, has the facility to preload or insert additional dynamic libraries. On Darwin and friends, it's the DYLD_INSERT_LIBRARIES environment variable (which of course applies to everything, not just Cocoa apps); on Linux and Solaris (and possibly the BSDs), it's LD_PRELOAD. Granted, there's no specific hook callback mechanism, but most of the really useful Input Managers seem to use the system as a means of shoehorning themselves into the application's memory space, which is all DYLD_INSERT_LIBRARIES does for you.

I don't know (because I've not tested it yet) whether DYLD_INSERT_LIBRARIES can be set via environment.plist: Apple would have had to specifically prevented it if it can't. If it can, there's your install vector right there; instead of copying a file in place, you have to copy a file in place and update a property list. Given most Input Manager hacks come with installers already, there's not a huge difference from an end-user perspective (and it's not noticeably more difficult for a malware author).

About time that this hack to Input Manager is being sealed.

I'm sorry if this hurts a few of you, but the fact that coders do this against EVERYTHING Apple tells them is for this programmer unacceptable. All such security issues should be terminated, period.

Keep it coming, Apple!!!

I would welcome it, if Apple kicks input managers out of OS X. I already "disabled" inputer managers and if an app wants to install a input manager, I will avoid it.
The idea behind Input Managers was ok, but the have been used in the wrong way.

System-wide input managers require a warning, but they can be installed for individual users with just user privileges. It wouldn't be too hard to have a warning for that too though...
Personally, I'm a little bummed to see spellchecker and textpander, two apps I rely on a lot, may not be possible in Leopard...

Security hole? Can an Input Manager even be installed without the operating system warning the user?

"There's a disturbing rumor floating around the Mac web today."

Oh, yes, it's disturbing, indeed, to hear that a security hole in the OS is likely to be closed.

Good grief.

Anon, the Privoxy url you give points to an ad site; to download Privoxy (of which I'm an extremely happy user) go to http://sourceforge.net/projects/ijbswa ...
Privoxy has this excellent feature that you can use it with any app browsing, for instance I am working now from my RSS reader's html viewer, with ads filtered even though the developer never thougt of it...
Hervé

I don't understand why people use a separate ad-blocking plugin for every browser when the awesome Privoxy (http://www.privoxy.org) does so much more and will work in every browser.

Simon Arch, no kidding. What is a functionality? Why would a user care about Cocoa or not?

Also, http://developer.apple.com/documentation/Cocoa/Reference/ApplicationKit/Classes/NSInputManager_Class/Reference/Reference.html