From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Alan Third Newsgroups: gmane.emacs.bugs Subject: bug#66245: [PATCH] ; Silence macOS 14 warning Date: Thu, 28 Sep 2023 11:35:29 +0100 Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="27831"; mail-complaints-to="usenet@ciao.gmane.io" Cc: 66245@debbugs.gnu.org To: Eshel Yaron Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Thu Sep 28 12:36:13 2023 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1qloNP-0006xk-RT for geb-bug-gnu-emacs@m.gmane-mx.org; Thu, 28 Sep 2023 12:36:11 +0200 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qloN4-0001Zb-QG; Thu, 28 Sep 2023 06:35:50 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qloN2-0001ZT-DP for bug-gnu-emacs@gnu.org; Thu, 28 Sep 2023 06:35:48 -0400 Original-Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qloN2-000122-4y for bug-gnu-emacs@gnu.org; Thu, 28 Sep 2023 06:35:48 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1qloNF-0005Xx-VG for bug-gnu-emacs@gnu.org; Thu, 28 Sep 2023 06:36:01 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Alan Third Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 28 Sep 2023 10:36:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 66245 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: patch Original-Received: via spool by 66245-submit@debbugs.gnu.org id=B66245.169589735721308 (code B ref 66245); Thu, 28 Sep 2023 10:36:01 +0000 Original-Received: (at 66245) by debbugs.gnu.org; 28 Sep 2023 10:35:57 +0000 Original-Received: from localhost ([127.0.0.1]:53124 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qloNA-0005Xc-Nk for submit@debbugs.gnu.org; Thu, 28 Sep 2023 06:35:57 -0400 Original-Received: from dane.soverin.net ([2a10:de80:1:4092:b9e9:2295:0:1]:42925) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qloN7-0005XI-9R for 66245@debbugs.gnu.org; Thu, 28 Sep 2023 06:35:54 -0400 Original-Received: from smtp.soverin.net (c04smtp-lb01.int.sover.in [10.10.4.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by dane.soverin.net (Postfix) with ESMTPS id 4Rx8yC1p34zypw; Thu, 28 Sep 2023 10:35:31 +0000 (UTC) Original-Received: from smtp.soverin.net (smtp.soverin.net [10.10.4.99]) by soverin.net (Postfix) with ESMTPSA id 4Rx8yB5qZBzLn; Thu, 28 Sep 2023 10:35:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=idiocy.org; s=soverin; t=1695897331; bh=ZlLhliUEKZyXsMCb9us4LdveeJAg2Ref2O0IT1m1F4c=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=hx3SY8GirkBXxMrMlRF/Qct6AncCvFyLQEAEUVNELJn1Ywxu0LprJReUNlhXQynGo FzPvzSYFaVoXQ0o8uhWhmCMjwD1bxX4qvo7Pif0ir4ARPZwiJAPZJsR971Wgfp1eR5 DZofDrKfK+ULxOHzRTSxD5xCVd6KhM/enPVZNlFXTjnQI07MSzmzL7dWe8/pohYnaC RKEMVdfMcC9esmirBoncc+DiSvYqur18gVONrAktoQj4MugMoYUwMzLBJvkBKryYlQ J6jtPnsS4LF8Wv6UHDU57fw5coPhv2fg+F9MworoJGsEB67V3OUUpnwYmCvoRH6KHj WMve13rbihLeA== Original-Received: from alan by faroe.holly.idiocy.org with local (Exim 4.96) (envelope-from ) id 1qloMj-000OjZ-2u; Thu, 28 Sep 2023 11:35:29 +0100 X-Soverin-Authenticated: true Mail-Followup-To: Alan Third , Eshel Yaron , 66245@debbugs.gnu.org Content-Disposition: inline In-Reply-To: X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.bugs:271442 Archived-At: On Wed, Sep 27, 2023 at 09:00:45PM +0200, Eshel Yaron via Bug reports for GNU Emacs, the Swiss army knife of text editors wrote: > Tags: patch > > Hi, > > After updating to macOS 14 (and rebuilding Emacs), I see the following > warning whenever I start Emacs: > > WARNING: Secure coding is not enabled for restorable state! Enable secure coding by implementing NSApplicationDelegate.applicationSupportsSecureRestorableState: and returning YES. > > This patch does exactly what the warning suggests, and it silences the > warning. > > TBH I'm not entirely sure I understand the implications of implementing > `applicationSupportsSecureRestorableState`. IIUC it makes Emacs opt-in > to the "secure state restoration" mechanism in contrast to a former > (supposedly less secure) mechanism, but AFAICT Emacs doesn't opt-in to > state restoration in the NS port in the first place... A description of what this fixes is here: https://sector7.computest.nl/post/2022-08-process-injection-breaking-all-macos-security-layers-with-a-single-vulnerability/ I'm not sure if making this change will affect us, as I don't think we support saved states, although I could be wrong. Is it possible for you to try a before and after test of how Emacs handles saving the state over a reboot? That is, have a running Emacs with open files and reboot, tick the "reopen windows when logging back in" option, and see if it behaves differently with this patch applied and not applied? If it doesn't then I think this is probably safe and won't affect us, so we should apply it. Otherwise we'll need to examine what's changed and see if we can work around it. Thanks! -- Alan Third