Tuesday, July 13, 2021

Gatekeeper LaunchAgents Bypass

Csaba Fitzl:

On macOS Mojave, Gatekeeper only verifies executables that are run with the open command or that the user double-clicks. It won’t verify files that are executed through other means, like directly executing a binary (./myapp), regardless of the quarantine attribute. If you can place a plist file inside LaunchAgents/LaunchDaemons, the command inside will also be executed. Prior to Catalina, there is a way to trick users into dragging and dropping files into the LaunchAgents folder.

On macOS Catalina a lot has changed; the most notable change regarding Gatekeeper is that it will verify files when executed via classic ‘exec’ methods.

I don’t think that the suggested drag install trick works because it’s impossible to make a single symlink for every user’s home folder, each of which has a different username.
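For auditing a machine against the behaviour quoted above, here is an added example (not from Fitzl's post or this blog) that parses each launchd job definition and reports jobs whose plist, executable, or path arguments carry the `com.apple.quarantine` attribute. It assumes the standard launchd directories and the macOS `xattr` tool; the function names and the injectable `quarantined` lookup are choices made for this sketch.

```python
import plistlib
import subprocess
from pathlib import Path

# launchd job directories: per-user, then system-wide.
LAUNCH_DIRS = ["~/Library/LaunchAgents", "/Library/LaunchAgents",
               "/Library/LaunchDaemons"]
QUARANTINE = "com.apple.quarantine"


def is_quarantined(path):
    """True if `path` carries the quarantine attribute (macOS xattr tool)."""
    proc = subprocess.run(["xattr", "-p", QUARANTINE, str(path)],
                          capture_output=True)
    return proc.returncode == 0


def job_argv(plist_bytes):
    """Return the command line launchd would run for a job definition."""
    job = plistlib.loads(plist_bytes)  # handles XML and binary plists
    argv = [str(a) for a in job.get("ProgramArguments", [])]
    program = job.get("Program")
    # When Program is set it is the executable; otherwise argv[0] is.
    return [str(program)] + argv[1:] if program else argv


def audit_job(plist_path, plist_bytes, quarantined=is_quarantined):
    """List reasons a launchd job deserves review; empty list means none."""
    findings = []
    if quarantined(plist_path):
        findings.append("plist carries the quarantine attribute")
    try:
        argv = job_argv(plist_bytes)
    except Exception:  # malformed XML, bad binary plist, non-dict root
        return findings + ["plist could not be parsed"]
    # Check the executable and any absolute path passed to it (for
    # example a script handed to /bin/sh), not just argv[0].
    for arg in argv:
        if arg.startswith("/") and quarantined(arg):
            findings.append(f"job runs quarantined file: {arg}")
    return findings


if __name__ == "__main__":
    for d in LAUNCH_DIRS:
        for plist in sorted(Path(d).expanduser().glob("*.plist")):
            for finding in audit_job(plist, plist.read_bytes()):
                print(f"{plist}: {finding}")
```

Run it as each user whose `~/Library/LaunchAgents` should be covered, since the per-user directory is resolved from the invoking account's home folder.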
