bug#66245: [PATCH] ; Silence macOS 14 warning

unofficial mirror of bug-gnu-emacs@gnu.org 
 help / color / mirror / code / Atom feed

From: "Gerd Möllmann" <gerd.moellmann@gmail.com>
To: Stefan Kangas <stefankangas@gmail.com>
Cc: 66245@debbugs.gnu.org, Alan Third <alan@idiocy.org>,
	Eshel Yaron <me@eshelyaron.com>
Subject: bug#66245: [PATCH] ; Silence macOS 14 warning
Date: Fri, 29 Sep 2023 11:21:59 +0200	[thread overview]
Message-ID: <m28r8pxrk8.fsf@Pro.fritz.box> (raw)
In-Reply-To: <CADwFkmnuxV++36jWGURehKu7WvFPp42sT5fq3vSp8EErC7-E1g@mail.gmail.com> (Stefan Kangas's message of "Thu, 28 Sep 2023 15:16:21 -0700")

Stefan Kangas <stefankangas@gmail.com> writes:

> Alan Third <alan@idiocy.org> writes:
>
>> Eli, Stefan, any thoughts? Does this look bad enough to force a new
>> Emacs 29 release?
>>
>> The link with the in-depth explanation again:
>>
>>     https://sector7.computest.nl/post/2022-08-process-injection-breaking-all-macos-security-layers-with-a-single-vulnerability/
>
> Let's see if I understand this right.
>
> Without this code, are we enabling malicious processes to escape the
> macOS sandbox, and gain the same privileges as the Emacs process?

Well, not that drastically...  From the release notes of macOS 12 Appkit
(we're now at 14).

https://developer.apple.com/documentation/macos-release-notes/appkit-release-notes-for-macos-12?changes=lat__5_3

Restorable State

    To enable secure coding for a restorable state, implement
    applicationSupportsSecureRestorableState(_:). When opted in:

        The system requires classes passed to restorationClass to
        explicitly conform to NSWindowRestoration.

        ...

I understand that as meaning that this switches on additional checks in
Appkit.  That should be okay for Emacs because it doesn't use this
feature of Appkit, at least AFAIK.

> It is presumably easy for some malware to just test all processes on the
> machine until one is found to be vulnerable, right?  So they don't have
> to specifically target Emacs?
>
> The full exploit chain there is not very easy to understand, but it
> seems like several techniques are used for some of the more nasty stuff,
> and some of the steps have been fixed already.  There can be other ways
> to do the same thing of course.  So I'm not sure what to say about the
> urgency of fixing this; it could be urgent, or it could wait until 29.2.
> What is your view?
>
> Another thing.  The link says:
>
>     Nevertheless, if you write an Objective-C application, please make
>     sure you add -applicationSupportsSecureRestorableState: to return
>     TRUE and to adapt secure coding for all classes used for your saved
>     states!
>
> Do we use "secure coding for all classes used for saved states", or does
> that also need to be fixed?
>
> BTW, any idea why we're only hearing about it now?

I guess Apple is more and more turning on "Secure Coding" stuff in their
libs.

next prev parent reply	other threads:[~2023-09-29  9:21 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-09-27 19:00 bug#66245: [PATCH] ; Silence macOS 14 warning Eshel Yaron via Bug reports for GNU Emacs, the Swiss army knife of text editors
2023-09-28 10:35 ` Alan Third
2023-09-28 13:46   ` Eshel Yaron via Bug reports for GNU Emacs, the Swiss army knife of text editors
2023-09-28 21:47     ` Alan Third
2023-09-28 22:16       ` Stefan Kangas
2023-09-28 22:37         ` Alan Third
2023-09-29  1:38           ` Yuan Fu
2023-09-29  9:34           ` Stefan Kangas
2023-09-29 15:10             ` Eli Zaretskii
2023-09-29  9:21         ` Gerd Möllmann [this message]
2023-09-29  9:38           ` Stefan Kangas
2023-09-29 10:11             ` Gerd Möllmann
2023-09-29 15:36               ` Alan Third
2023-09-29 14:55       ` Eli Zaretskii
2023-09-29 11:35 ` Stefan Kangas

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://www.gnu.org/software/emacs/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=m28r8pxrk8.fsf@Pro.fritz.box \
    --to=gerd.moellmann@gmail.com \
    --cc=66245@debbugs.gnu.org \
    --cc=alan@idiocy.org \
    --cc=me@eshelyaron.com \
    --cc=stefankangas@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/emacs.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).