From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Alan Third Newsgroups: gmane.emacs.bugs Subject: bug#66245: [PATCH] ; Silence macOS 14 warning Date: Thu, 28 Sep 2023 23:37:41 +0100 Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="4148"; mail-complaints-to="usenet@ciao.gmane.io" Cc: 66245@debbugs.gnu.org, Eshel Yaron To: Stefan Kangas Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Fri Sep 29 00:39:13 2023 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1qlzf6-0000mI-Kt for geb-bug-gnu-emacs@m.gmane-mx.org; Fri, 29 Sep 2023 00:39:12 +0200 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qlzej-0007GM-SZ; Thu, 28 Sep 2023 18:38:49 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qlzei-0007G8-AC for bug-gnu-emacs@gnu.org; Thu, 28 Sep 2023 18:38:48 -0400 Original-Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qlzei-0007b5-0u for bug-gnu-emacs@gnu.org; Thu, 28 Sep 2023 18:38:48 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1qlzew-0002YZ-4F for bug-gnu-emacs@gnu.org; Thu, 28 Sep 2023 18:39:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Alan Third Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 28 Sep 2023 22:39:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 66245 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: patch Original-Received: via spool by 66245-submit@debbugs.gnu.org id=B66245.16959407039773 (code B ref 66245); Thu, 28 Sep 2023 22:39:02 +0000 Original-Received: (at 66245) by debbugs.gnu.org; 28 Sep 2023 22:38:23 +0000 Original-Received: from localhost ([127.0.0.1]:54671 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qlze4-0002XI-Om for submit@debbugs.gnu.org; Thu, 28 Sep 2023 18:38:23 -0400 Original-Received: from dane.soverin.net ([185.233.34.149]:33475) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qlzdy-0002Wf-Vx for 66245@debbugs.gnu.org; Thu, 28 Sep 2023 18:38:07 -0400 Original-Received: from smtp.soverin.net (c04smtp-lb01.int.sover.in [10.10.4.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by dane.soverin.net (Postfix) with ESMTPS id 4RxSzV0wxVzyxq; Thu, 28 Sep 2023 22:37:42 +0000 (UTC) Original-Received: from smtp.soverin.net (smtp.soverin.net [10.10.4.99]) by soverin.net (Postfix) with ESMTPSA id 4RxSzT51hzzLn; Thu, 28 Sep 2023 22:37:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=idiocy.org; s=soverin; t=1695940662; bh=CPMbK67si6SR7ZbGlFnPVV5WzyORHsm8htjUKYDPZBE=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=KfMBE+dfSb9KVOK3cegs1DLCmub0DovznD5E+yCqmEooP9h3TjD4O+Kf2zpUXEI3k qI+oLR7QrlKKEXxtBOP4eYKjfDf/7dZkb4cZAdIMhtSc8xZ3QyLg9PeBMvjkrGdtA9 /3Osnmtm5ejpJNglK9TJNFfS0q2mazAZkvIm0LZs5WzOvp1AEyomq6DM8ZD9GbbEHm 3O7qvYKtngZgn5IFnaaR5ij9uo5EtCageugwyA90v7XZkDX0jrebM9GbxDpGqswMHv quqCH5/gQSwtm53ea/OgN/zDCy8G1DzUjCE2NaTuHMJ3fGqbumDV7wt7g8mITPw1Xt X95W1xeNaeIbg== Original-Received: from alan by faroe.holly.idiocy.org with local (Exim 4.96) (envelope-from ) id 1qlzdd-000PXq-0Z; Thu, 28 Sep 2023 23:37:41 +0100 X-Soverin-Authenticated: true Mail-Followup-To: Alan Third , Stefan Kangas , Eshel Yaron , 66245@debbugs.gnu.org Content-Disposition: inline In-Reply-To: X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.bugs:271455 Archived-At: On Thu, Sep 28, 2023 at 03:16:21PM -0700, Stefan Kangas wrote: > Alan Third writes: > > > Eli, Stefan, any thoughts? Does this look bad enough to force a new > > Emacs 29 release? > > > > The link with the in-depth explanation again: > > > > https://sector7.computest.nl/post/2022-08-process-injection-breaking-all-macos-security-layers-with-a-single-vulnerability/ > > Let's see if I understand this right. > > Without this code, are we enabling malicious processes to escape the > macOS sandbox, and gain the same privileges as the Emacs process? As I understand it, yes. I'm not sure that Emacs has any particularly noteworthy privileges, though. The example they give is an application that has installer type privileges, which I doubt Emacs would ever have or need. > It is presumably easy for some malware to just test all processes on the > machine until one is found to be vulnerable, right? So they don't have > to specifically target Emacs? Possibly. I'm not entirely clear. I think the process is to create a fake "state" file and put it in the right place on the users machine and the next time they reboot it will use that file. > The full exploit chain there is not very easy to understand, but it > seems like several techniques are used for some of the more nasty stuff, > and some of the steps have been fixed already. There can be other ways > to do the same thing of course. So I'm not sure what to say about the > urgency of fixing this; it could be urgent, or it could wait until 29.2. > What is your view? I'm not sure either. Is there a rough timeline for the release of 29.2? I feel like this is perhaps not very urgent, but if we're talking, say, three or four months or more we maybe don't want to wait that long. > Another thing. The link says: > > Nevertheless, if you write an Objective-C application, please make > sure you add -applicationSupportsSecureRestorableState: to return > TRUE and to adapt secure coding for all classes used for your saved > states! > > Do we use "secure coding for all classes used for saved states", or does > that also need to be fixed? I believe that's what Eshel's patch does. > BTW, any idea why we're only hearing about it now? I guess Eshel's the first person to try building with the relevant version of xcode who's noticed and reported the message. However that version of xcode must have come out over a year ago (going by the date on that article) so I don't know why nobody's noticed it before now. My Mac is years behind, and I rarely build Emacs on it, so I don't get these messages at all. -- Alan Third