{"id":37986,"date":"2022-12-26T15:32:18","date_gmt":"2022-12-26T20:32:18","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=37986"},"modified":"2022-12-26T16:13:23","modified_gmt":"2022-12-26T21:13:23","slug":"gatekeepers-achilles-heel","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2022\/12\/26\/gatekeepers-achilles-heel\/","title":{"rendered":"Gatekeeper’s Achilles Heel"},"content":{"rendered":"

Jonathan Bar Or<\/a>:<\/p>\n

\n

Considering symbolic links are preserved in archives and aren’t assigned with quarantine attributes—we looked for a mechanism that could persist different kinds of metadata over archives.<\/p>\n

After some investigation, we discovered a way to persist important file metadata through a mechanism called AppleDouble.<\/p>\n

[…]<\/p>\n

Equipped with this information, we decided to add very restrictive ACLs to the downloaded files. Those ACLs prohibit Safari (or any other program) from setting new extended attributes, including the com.apple.quarantine<\/em> attribute.<\/p>\n<\/blockquote>\n\n

This is pretty clever and was fixed in macOS 12.6.2 and in Ventura.<\/p>\n\n

Previously:<\/p>\n