macOS gatekeeper and file quarantine bypass (objective-see.com)
The issue is fixed in the latest version of Big Sur. Be sure to upgrade. It’s being exploited in the wild.
Compare "Gatekeeper" fixed issues here:
https://support.apple.com/en-us/HT212326 Catalina
https://support.apple.com/en-us/HT212325 Big Sur
Feels for me that they only patched one part of it on Catalina but gates are more open on the older macOS. Really don't like that.
This is a technical crowd, so some of us don't need to rush to download things like this. I'll upgrade when it's convenient, thank you very much.
I am grateful for the "upgrade now" message being pushed out. As a technical user I can't trust my skills and knowledge to truly keep me safe from this one.
I remember once installing several of his apps, but then coming to the conclusion that I don't know enough - even though he consistently seems to find and fix flaws in OSX.
Why isn't Apple hiring this man?
EDIT: Why are people downvoting this question? If I'm implying something then I'm unaware of it.
This time, he told Forbes that "the hacks effectively take Mac security back a decade" [1], and Vice quotes him as saying "this is likely the worst or potentially the most impactful bug to everyday macOS users in recent memory". [2]
Forbes ran the story with the headline "The ‘Worst Hack In Years’ Hits Apple Computers", and that's bullshit.
1. https://www.forbes.com/sites/thomasbrewster/2021/04/26/updat...
2. https://www.vice.com/en/article/wx5855/massive-mac-apple-sec...
Overcomplicated and bloated security features, telemetry, iOSification of the UI, dumbed down settings, bugs..
Perhaps the time has come to shed some legacy and restart again from scratch (like Google Fuchsia) or to invest some of the hundreds of billions they have in refining the software so it actually works
sudo spctl --master-disable
That's it, it will never bother you again, unless you turn it back on or reinstall the OS from scratch. If macOS is still too limiting, you can also turn off System Integrity Protection, at which point you can do just about whatever the heck you want. I personally kept both Gatekeeper and SIP turned off, back when I used modern macOS. But if they are turned on, they ought to work.
Or do you also have to install the profile after you tell it to get out of your way?
And it's not just a matter of protecting you against out-and-out malware (although that's certainly part of it), it's a matter of protecting you against developers whose interests don't entirely align with yours. Developers who really want to spy on their users seem to be the biggest group (see, for example, the recent Apple vs. Facebook kerfuffle).
Unfortunately, distrusting software does add friction, especially if you add (/update-via-unsupported-mechanisms) new software frequently. "Are you sure you meant to run this program? It looks weird to me; I think you should get rid of it. Should it really have access to your contacts/camera/etc?" macOS is acting a little like an overprotective parent here, and it's certainly annoying. But the threats it's trying to protect you from are real. You can turn the protections off (with a certain amount of work), but then you're vulnerable to all the stuff it's there to protect you from.
P.s. I don't mean to completely defend Apple here. Their preferred solution is to have all software distribution go through their App store... where they get a cut of the price. Which means they're also on the list of developers whose interests don't entirely align with yours.
I told macOS to run that program because I trust it. If macOS trusts me then it transitively trusts the program I told it to run.
In other words macOS doesn't trust me to validate programs before I try to run them.
The keyword here is "sometimes". This is what I love about the current state of macOS.
To fix it nothing works until you delete it completely, and only then if you're lucky etc ... It just reminds me of those good old days with Microsoft many years ago. Turn it off then turn it on a few times .. it may work ...
Thankfully there is a simple workaround: https://hiringengineersbook.com/post/disable-quarantine/
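The linked workaround removes the quarantine attribute. For anyone who would rather look at what the attribute says before deciding (for example when triaging a download on a machine that has not yet been updated), here is an added example, not from the linked post or from objective-see, that parses com.apple.quarantine values. It assumes the commonly documented "flags;timestamp;agent;uuid" layout (hex flags, hex Unix timestamp); the sample values are constructed, and the flag bits are left as an opaque integer because their meanings are not stated here.

```python
"""Parse com.apple.quarantine extended-attribute values.

Added example, not code from the linked post. Layout assumed:
    <hex flags>;<hex unix timestamp>;<downloading agent>;<UUID>
The trailing agent and UUID fields may be empty.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional

# Constructed sample values (not taken from a real machine).
SAMPLE_VALUES = [
    "0083;60837c2e;Safari;1E7C4B12-ABCD-4F00-9A11-000000000001",
    "0081;6083a9ff;Chrome;",
    "0001;60839999;;",
]


@dataclass
class QuarantineInfo:
    flags: int                 # opaque flag bits, kept as an integer
    downloaded_at: datetime    # UTC time the attribute was stamped
    agent: Optional[str]       # application that downloaded the file, if recorded
    uuid: Optional[str]        # event UUID, if recorded


def parse_quarantine(value: str) -> QuarantineInfo:
    """Split one attribute value into its fields, tolerating missing tail fields."""
    parts = value.strip().split(";")
    if len(parts) < 2:
        raise ValueError(f"unexpected quarantine value: {value!r}")
    parts += [""] * (4 - len(parts))          # pad to four fields
    flags = int(parts[0], 16)
    stamped = datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc)
    return QuarantineInfo(flags, stamped, parts[2] or None, parts[3] or None)


def summarize(values: List[str]) -> List[str]:
    """One human-readable line per value, e.g. for a triage report."""
    lines = []
    for v in values:
        q = parse_quarantine(v)
        lines.append(
            f"flags=0x{q.flags:04x} at={q.downloaded_at.date().isoformat()} "
            f"agent={q.agent or '-'} uuid={q.uuid or '-'}"
        )
    return lines


if __name__ == "__main__":
    for line in summarize(SAMPLE_VALUES):
        print(line)
```

On a Mac the raw value comes from `xattr -p com.apple.quarantine <file>`; the parser above only interprets the string, so it can run anywhere on values collected elsewhere.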
( I always prefer to see the extensions too though :) )
That’s not exactly an answer to your question, but there’s a chance it’s an acceptable solution, so duly noted.
Finder does try to help with renaming and when you try to rename a file only the filename is selected and not the extension.
The list of security fixes for the Big Sur update 11.3 has three entries mentioning Gatekeeper: https://support.apple.com/en-us/HT212325
...whereas the list for Catalina has only one: https://support.apple.com/kb/HT212326
But it's a very different problem from Gatekeeper. And from iOS, where the user legitimately has no control. If SIP is turned off, you could write an app that strips out every macOS behavior you dislike, because without SIP apps can patch whatever they want.
I share your curiosity. If your computer isn't already managed, installing an MDM profile in order to view logs is ridiculous. I don’t even think there’s a way to do it without paying money.
Or download a signed version from here (not my site):
https://georgegarside.com/blog/macos/sierra-console-private/...
In GNOME for example gio handles opening files in the "correct" application by way of the MIME database in /usr/share/application/mimeapps.list and ~/.local/share/applications/mimeapps.list.
I regularly build both and have run them in the same way you're talking about here, without issue... the latter might be a bit more nuanced, but when set up properly does work fine, so I'm inclined to think this is more a problem with how you're doing things.
"I'm inclined to think this is more a problem with how you're doing things." Of course, who would expect to see a bug in Xcode, right? I'll tell you the secret, this is not the first bug I've spotted in an Apple product during 10 years.
Honestly I do not even know what their QA team is doing if I can find a few bugs manually within 10 minutes of usage ... Yesterday I found another one with the sound system, because they didn't think about one scenario in their logic. They really should spend their money on people like me instead of wasting their money on a QA team that doesn't work properly :) ...Or perhaps I should take a look at their QA team to spot bugs in their working process ))
Or just use the file suffix, which is AFAIK what all the mainstream Linux desktop environments do, through Freedesktop's MIME implementation. I don't know if it supports using metadata or file magics instead, but a quick glance shows almost every MIME definition uses file globbing.
You can check this in the files located at "/usr/share/mime/application" and "/usr/share/mime/packages" on most distros. Most (all?) definitions use a "glob pattern" to match files.
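The two comments above describe suffix-only type detection through glob patterns. As an added example (not code from any desktop environment or from the shared-mime-info project), here is a small matcher over the `weight:type:glob[:cs]` line layout used by globs2 files; the sample rules are constructed, and the tie-break (highest weight, then longest pattern) is an assumption about the spec. Running it on two files that differ only in suffix shows why a suffix-based lookup says nothing about what the bytes actually are.

```python
"""Suffix-based MIME lookup in the freedesktop globs2 layout.

Added example with constructed rules; not the real shared-mime-info
implementation. Line layout assumed: weight:mime-type:pattern[:cs]
"""
from fnmatch import fnmatchcase
from typing import List, NamedTuple, Optional

# Constructed sample in the same layout as /usr/share/mime/globs2.
SAMPLE_GLOBS2 = """\
# weight:type:glob[:flags]
50:application/pdf:*.pdf
50:application/x-shellscript:*.sh
50:text/x-makefile:makefile
60:text/x-makefile:GNUmakefile:cs
50:application/x-tar:*.tar
55:application/x-compressed-tar:*.tar.gz
"""


class GlobRule(NamedTuple):
    weight: int
    mime_type: str
    pattern: str
    case_sensitive: bool


def parse_globs2(text: str) -> List[GlobRule]:
    """Parse globs2-style lines; '#' comments and blank lines are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        weight, mime_type, pattern = int(fields[0]), fields[1], fields[2]
        flags = fields[3:]                      # optional flags such as "cs"
        rules.append(GlobRule(weight, mime_type, pattern, "cs" in flags))
    return rules


def _matches(rule: GlobRule, filename: str) -> bool:
    # Globs match the whole file name; case-insensitive unless the rule says "cs".
    if rule.case_sensitive:
        return fnmatchcase(filename, rule.pattern)
    return fnmatchcase(filename.lower(), rule.pattern.lower())


def classify(filename: str, rules: List[GlobRule]) -> Optional[str]:
    """Return the MIME type whose glob wins for this name, or None.

    Tie-break assumed: highest weight first, then the longest pattern.
    """
    hits = [r for r in rules if _matches(r, filename)]
    if not hits:
        return None
    best = max(hits, key=lambda r: (r.weight, len(r.pattern)))
    return best.mime_type


if __name__ == "__main__":
    rules = parse_globs2(SAMPLE_GLOBS2)
    # Same bytes, different suffix: the lookup only ever sees the name.
    for name in ("payload.sh", "payload.pdf", "archive.tar.gz", "GNUmakefile"):
        print(f"{name:16} -> {classify(name, rules)}")
```

The rules file in a real distribution is large, but the lookup logic is this small; the content of the file never enters the decision, which is the point the commenter is making about Linux desktops.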
I use Homebrew constantly and have never seen such a thing in my life, in any version of macOS/OSX over the past several years. Not in building from source, not in casks.
Like another commenter the only security change I have is "Allow apps downloaded from" set to "App store and identified developers" -- which I'd assume virtually every Mac user on HN has also set.
Perhaps you have some kind of unusual configuration? Or there's some very specific subcategory of Homebrew packages that encounter this problem?
I am genuinely curious why people are singing that "I don't have such problems on my computer!" slogan repeatedly? Some of us have that problem, and just because we have the same OS and possibly the same hardware doesn't mean it is impossible. I wish people would change that particular mindset and be aware that those problems do exist.
Obviously the problem is possible. It's happening to you. I'd like to find out why so that I can troubleshoot and fix the problem if it starts happening to me or my friends or coworkers. And really, I'd like to help you fix it, too, if I could figure out what's causing it.
Additionally if they can’t reproduce, they can’t offer any advice or help.
It’s highly unlikely that MacOS behaves specially for your existence.
M1/ARM code is treated more strictly than Intel, so I guess all my command line stuff is Intel.
Homebrew is a keg of worms, if you excuse the bad pun. Sadly (because it seems to be easier to get started?) many developers prefer it over Macports...
It is likely that it is not that the devs prefer it over MacPorts, it is likely that end-users prefer it and the devs are following what the end-users desire. Homebrew has a bigger catalog of software and libraries than MacPorts.
I can see brew trying to run x64 code while the emulator isn’t there blocking code from running in weird ways.
Alternatively, it might be that package updates fixed the packages that behaved incorrectly. Again, just a slightly educated guess.
Before I figured out the way to identify the offending dependencies I sorted the issue through signing the executable with codesign, in a way that required me to disable part of SIP. So the code was working, it was just not being allowed to run.
I've been reading other comments and, as someone (xrisk) pointed out, it is Homebrew Casks, which made sense since all of the Gatekeeper alerts are coming from 'Cask-ed' apps. I could disable Gatekeeper but I'd rather not because macOS is not my daily driver. I'd rather keep Gatekeeper active to protect itself from moronic me.
Does the method of right-clicking on an app, then "Open", in Finder work to tell Gatekeeper to quit complaining?
You could edit sudoers so the command doesn't require a password. But really, at that point I'd just leave Gatekeeper off.