Monday, December 26, 2022

Gatekeeper’s Achilles Heel

Jonathan Bar Or:

Considering symbolic links are preserved in archives and aren’t assigned with quarantine attributes—we looked for a mechanism that could persist different kinds of metadata over archives.

After some investigation, we discovered a way to persist important file metadata through a mechanism called AppleDouble.


Equipped with this information, we decided to add very restrictive ACLs to the downloaded files. Those ACLs prohibit Safari (or any other program) from setting new extended attributes, including the attribute.

This is pretty clever and was fixed in macOS 12.6.2 and in Ventura.
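A defender-side check for the mechanism quoted above, as an added example that is not from this post or the quoted research: it scans a ZIP archive for AppleDouble sidecar files (`._` prefix) whose entries mention an ACL attribute. The attribute name `com.apple.acl.text`, the function names and the sample archive are assumptions made for this example; the page does not give them.

```python
import io
import struct
import zipfile
from pathlib import PurePosixPath

APPLEDOUBLE_MAGIC = 0x00051607          # AppleDouble header magic
ACL_XATTR = b"com.apple.acl.text"       # assumption: xattr name macOS uses to carry ACL text

def appledouble_entries(blob):
    """Return [(entry_id, data)] for an AppleDouble blob, or [] if it is not one."""
    if len(blob) < 26:
        return []
    # Header: magic (4), version (4), filler (16), entry count (2), big-endian.
    magic, _version, count = struct.unpack(">II16xH", blob[:26])
    if magic != APPLEDOUBLE_MAGIC:
        return []
    entries = []
    for i in range(count):
        desc = blob[26 + 12 * i: 38 + 12 * i]
        if len(desc) < 12:
            break                        # truncated entry table
        entry_id, offset, length = struct.unpack(">III", desc)
        entries.append((entry_id, blob[offset:offset + length]))
    return entries

def find_acl_sidecars(zip_bytes):
    """List archive members that are AppleDouble sidecars carrying an ACL attribute."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not PurePosixPath(info.filename).name.startswith("._"):
                continue
            if any(ACL_XATTR in data for _id, data in appledouble_entries(zf.read(info))):
                hits.append(info.filename)
    return hits

def build_sample_zip():
    """Constructed sample: one plain sidecar, one whose entry only contains the marker name."""
    def sidecar(payload):
        header = struct.pack(">II16xH", APPLEDOUBLE_MAGIC, 0x00020000, 1)
        return header + struct.pack(">III", 9, 38, len(payload)) + payload
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("App.app/Contents/Info.plist", b"<plist/>")
        zf.writestr("__MACOSX/App.app/._Contents", sidecar(b"\0" * 32))
        zf.writestr("__MACOSX/._App.app", sidecar(b"\0" * 32 + ACL_XATTR + b"\0"))
    return buf.getvalue()
```

A hit is a triage signal for downloaded archives rather than a verdict, since an archive can carry ACL metadata for ordinary reasons.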

