From: "Gerd Möllmann" <gerd.moellmann@gmail.com>
To: Stefan Kangas <stefankangas@gmail.com>
Cc: 66245@debbugs.gnu.org, Alan Third <alan@idiocy.org>,
Eshel Yaron <me@eshelyaron.com>
Subject: bug#66245: [PATCH] ; Silence macOS 14 warning
Date: Fri, 29 Sep 2023 12:11:50 +0200 [thread overview]
Message-ID: <m2msx5thjt.fsf@Pro.fritz.box> (raw)
In-Reply-To: <CADwFkm=okq+jOBezW6CHPTk5CQ8Vj6kiyU7WKS1geADZx7CPTA@mail.gmail.com> (Stefan Kangas's message of "Fri, 29 Sep 2023 02:38:29 -0700")
Stefan Kangas <stefankangas@gmail.com> writes:
> Gerd Möllmann <gerd.moellmann@gmail.com> writes:
>
>>> Without this code, are we enabling malicious processes to escape the
>>> macOS sandbox, and gain the same privileges as the Emacs process?
>>
>> Well, not that drastically... From the release notes of macOS 12 Appkit
>> (we're now at 14).
>>
>> https://developer.apple.com/documentation/macos-release-notes/appkit-release-notes-for-macos-12?changes=lat__5_3
>>
>> Restorable State
>>
>> To enable secure coding for a restorable state, implement
>> applicationSupportsSecureRestorableState(_:). When opted in:
>>
>> The system requires classes passed to restorationClass to
>> explicitly conform to NSWindowRestoration.
>>
>> ...
>>
>> I understand that as meaning that this switches on additional checks in
>> Appkit. That should be okay for Emacs because it doesn't use this
>> feature of Appkit, at least AFAIK.
>
> Thanks. IIUC, that seems to speak in favor of not making an emergency
> release of Emacs 29.2 at this point.
I agree. The new method would just enable "secure coding" for
restorable state on macOS < 14 (it's the default in 14), but since we're
not using this stuff to begin with, it's kind of pointless.
next prev parent reply other threads:[~2023-09-29 10:11 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-27 19:00 bug#66245: [PATCH] ; Silence macOS 14 warning Eshel Yaron via Bug reports for GNU Emacs, the Swiss army knife of text editors
2023-09-28 10:35 ` Alan Third
2023-09-28 13:46 ` Eshel Yaron via Bug reports for GNU Emacs, the Swiss army knife of text editors
2023-09-28 21:47 ` Alan Third
2023-09-28 22:16 ` Stefan Kangas
2023-09-28 22:37 ` Alan Third
2023-09-29 1:38 ` Yuan Fu
2023-09-29 9:34 ` Stefan Kangas
2023-09-29 15:10 ` Eli Zaretskii
2023-09-29 9:21 ` Gerd Möllmann
2023-09-29 9:38 ` Stefan Kangas
2023-09-29 10:11 ` Gerd Möllmann [this message]
2023-09-29 15:36 ` Alan Third
2023-09-29 14:55 ` Eli Zaretskii
2023-09-29 11:35 ` Stefan Kangas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m2msx5thjt.fsf@Pro.fritz.box \
--to=gerd.moellmann@gmail.com \
--cc=66245@debbugs.gnu.org \
--cc=alan@idiocy.org \
--cc=me@eshelyaron.com \
--cc=stefankangas@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).