Bypassing macOS TCC user privacy protections by accident and design

Bypassing macOS TCC user privacy protections by accident and design(labs.sentinelone.com)

159 points by adib 4 years ago | 32 comments

> At least, that’s how it’s supposed to work, but if Alice is an admin user and gives Terminal Full Disk Access (FDA), then Alice can quite happily navigate to Bob’s Desktop and Downloads folders (and everyone else’s) regardless of what TCC settings Bob (or those other users) set... When Alice grants FDA permission to the Terminal for herself, all users now have FDA permission via the Terminal as well. The upshot is that Alice isn’t only granting herself the privilege to access others’ data, she’s granting others the privilege to access her data, too... Any application granted Full Disk Access has access to all user data, by design.

This indeed seems dangerously counterintuitive.

I, like most other people I'd think, always assumed the permission dialogs ("TCC") were a layer of restrictions on top of traditional UNIX user permissions. Not overriding them.

In other words, granting full-disk access to an app would give it access to everything my user can access. Not "sudo" access to other users' data as well.

Why would an app ever need that level of access? For installing files, maybe, but not while running.

Can anyone else confirm this is how macOS actually works? And if there's some justification I'm missing? It seems so crazy that I can't actually believe it without somebody else verifying it.

xenadu02 4 years ago | |

TCC does not bypass Unix file permissions. I don't know where that idea is coming from but it is incorrect.

An admin has always been able to sudo to bypass normal Unix permission checks. That's true on all Unix systems.

kmeisthax 4 years ago | | |

The problem isn't that TCC grants a Unix file permission bypass - because it doesn't, at least not on it's own. The problem is that ordinary users can create APFS snapshots via Time Machine, and then mount them with Unix permissions disabled (noowners). When Apple was told about this they decided to gate the snapshot mounting stuff... behind Full Disk Access, not being an admin. And Finder has FDA, because of course it does, otherwise users wouldn't be able to use their own filesystem rights at all.

All of this smacks of different parts of the macOS core team not understanding their security model. One half seems to think Full Disk Access just means "has the user's file system permissions instead of sandboxed access" (hence why Finder has it), while the other thinks it means "access the whole disk, regardless of other permissions". Both interpretations are reasonable but become unreasonable when combined into a single system.

crazygringo 4 years ago | | |

So is the article just plain wrong then?

Can an app given full-disk permissions not access data in other user folders other than the user who started it?

This is why I'm so confused.

adib 4 years ago | | |

... in this case it _does_, albeit in a roundabout way via Time Machine local snapshots. In short, the attacker can bypass Unix file permissions by mounting a local backup with owners disabled.

wtmt 4 years ago | |

> In other words, granting full-disk access to an app would give it access to everything my user can access. Not "sudo" access to other users' data as well.

> Why would an app ever need that level of access? For installing files, maybe, but not while running.

Though bootable full disk backups aren’t possible anymore with the recent releases of macOS, there are applications such as Carbon Copy Cloner and SuperDuper! that need full disk access to create a backup of the entire volume. This is a limited case, but there are many people who use these (instead of or in addition to Time Machine).

my123 4 years ago | |

https://filebin.net/uwboypi04o23yzj8/Screenshot_2021-07-05_a...

It is explicitly detailed as such. Full disk access actually means full disk access under that system.

> Time Machine backups [...] for all users on this Mac

wtallis 4 years ago | | |

That seems like the less likely parsing of the actual text. The more plausible reading would have the "for all users" apply only to the bit about "certain administrative settings", which may by their nature need to apply to all users instead of per-user.

A less ambiguous warning is needed if this is truly meant to be such a powerful setting that overrides regular user-based permissions.

GekkePrutser 4 years ago | | |

True but the other point mentioned in the article: - giving automatic access to Finder automatically leading to that app getting FDA access without appearing in the list - is very counterintuitive I think.

judge2020 4 years ago |

I think the original title would be better

> Bypassing macOS TCC User Privacy Protections By Accident and Design

Simply because 'backdoor' is especially vague - I first thought it was about Apple backdooring their users perhaps, but it's a way for malware to abuse Finder to bypass the 'Full Disk Access' permission prompt. It's also not an editorialized title.

dang 4 years ago | |

Ah yes. Changed now. Submitted title was "macOS Privileged Access Backdoor"

Submitters: "Please use the original title, unless it is misleading or linkbait; don't editorialize." https://news.ycombinator.com/newsguidelines.html

noizejoy 4 years ago |

It’s been too many years, since I had detailed professional involvement with computer and network security, so I apologize if this question is stupid and I’m not even sure, if it’s even phrased quite right by modern standards:

On a computer shared by multiple people and multiple applications, shouldn’t privileges be assigned at the intersection between user and app (and or groupings thereof)? And if there was some sort of privileges table, it would have a composite key consisting of app-id and user-id.

Is any modern OS actually set up that way and if yes, is there any way to generate a report to show the combination of user/app privileges?

dasyatidprime 4 years ago | |

Last I checked (which was quite a while ago), Android with multi-user support did in fact assign one Linux UID to each (user, app) tuple! But I don't recall there being a particularly rich privilege model available in practice for the multi-user sharing case, only for isolation. Inter-app intents were handled using Binder IPC underneath; I don't know what use that made of the Linux credentials.

Many server applications handle user separation internally, without reference to the underlying OS, while application separation is much stronger (separate VMs, SELinux, etc.), and desktop platforms have user separation but often-unsandboxed apps, so those are in some ways duals of each other…

I'm not sure what Windows does with UWP and sandboxed apps from the Microsoft Store, but that would be a good place to look.

salawat 4 years ago | |

I'm fairly sure that anything permission related has been completely mangled beyond all recognizability in this brave new world of "why should users be burdened with understanding the basic abstractions and mechanics of computing, just give them an app!"

Except now we have two permission problems...

csande17 4 years ago |

How does this interact with regular Unix file permissions? Is the assumption that Alice is using sudo, or do modern macOS versions mark all user files world-readable?

adib 4 years ago | |

Alice finds a recent Time Machine local snapshot and mount that elsewhere with owners disabled. Then Alice can browse everyone else's (recent) files – without needing sudo access.

crazygringo 4 years ago | |

Yes it's essentially sudo.

By default, a user can't see another user's files.

GekkePrutser 4 years ago |

I really think Apple should be clearer about what all this stuff does. They're adding a layer of what looks like security but it's not always clear how it behaves.

I feel Apple tries to hide complexity from the user too much. I understand they want to do this by default but there should be a way for technical users to know what's going on. I don't think that's the case well enough now.

Especially that thing with the full disk access cascading though the automation permission is very vague.

philistine 4 years ago |

This shit is bananas! I had no idea, as the average user, about such glaring holes in the protection. Any app can read and write its own files in the protected folders? How on earth could that be intended?

interactivecode 4 years ago |

As I understand it full disk access means the app can read the disk outside of the usual (strict) app sandbox or explicit user actions like file modals.

This is completely separate from the unix user permissions.

tsimionescu 4 years ago | |

> This is completely separate from the unix user permissions.

It's supposed to be separate, but, with the Time Machine hole, it actually overrides them. So, if an admin enables FDA for Terminal (so that they can actually use it), then a Guest account on the system can use Terminal to create a TM snapshot, mount it, and read any file on the system, from any user, regardless of Unix file permissions.

lilyball 4 years ago |

How does granting automation access to Finder allow other users to access Alice’s data? TCC doesn’t negate standard Unix file permissions, and other users couldnt read Alice’s data before TCC. And the standard user directories (such as Desktop) are not accessible by other users.

adib 4 years ago | |

... by manipulating the Finder to:

(1) Create a snapshot of the entire file system; (2) or find a recent Time Machine local snapshot; then (3) mount the snapshot obtained in [1] or [2] without owners enabled, effectively granting Alice read-only access to other people's files without having administrative privileges.

lilyball 4 years ago | | |

The Finder doesn’t create or mount APFS snapshots. And while I haven’t tested it, I fully expect Time Machine to still enforce Unix file permissions. You really need to be using the command line to do what you’re describing.

Dah00n 4 years ago | |

It gives full sudo access.

lilyball 4 years ago | | |

Finder doesn’t run as sudo though. TCC is layered on top of Unix file permissions. It prohibits access to files, it doesn’t open a hole through pre-existing protections.

Basically, it acts as a sandbox rule. Sandboxing your app doesn’t allow you access to new files, it just denies access as determined by the sandbox profile.