From: Eshel Yaron
To: bug-gnu-emacs@gnu.org
Subject: [PATCH] ; Silence macOS 14 warning
Date: Wed, 27 Sep 2023 21:00:45 +0200

Tags: patch

Hi,

After updating to macOS 14 (and rebuilding Emacs), I see the following
warning whenever I start Emacs:

  WARNING: Secure coding is not enabled for restorable state! Enable secure coding by implementing NSApplicationDelegate.applicationSupportsSecureRestorableState: and returning YES.

This patch does exactly what the warning suggests, and it silences the
warning.

TBH I'm not entirely sure I understand the implications of implementing
`applicationSupportsSecureRestorableState`.  IIUC it makes Emacs opt-in
to the "secure state restoration" mechanism in contrast to a former
(supposedly less secure) mechanism, but AFAICT Emacs doesn't opt-in to
state restoration in the NS port in the first place...

[Attachment: 0001-Silence-macOS-14-warning.patch]

>From 10a9205535c20ff951c61fb84a32b9ab6511fc67 Mon Sep 17 00:00:00 2001
From: Eshel Yaron Date: Wed, 27 Sep 2023 20:46:26 +0200 Subject: [PATCH] ; Silence macOS 14 warning * src/nsterm.m: Implement 'applicationSupportsSecureRestorableState' to silence warning on macOS 14. --- src/nsterm.m | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/nsterm.m b/src/nsterm.m index 4e0dfa58c63..e46b71a499b 100644 --- a/src/nsterm.m +++ b/src/nsterm.m 
@@ -6110,6 +6110,11 @@ - (void)antialiasThresholdDidChange:(NSNotification *)notification */ +- (BOOL) applicationSupportsSecureRestorableState:(NSApplication *)app +{ + return YES; +} + - (void) terminate: (id)sender { struct input_event ie; -- 2.42.0
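
Review bot: the new applicationSupportsSecureRestorableState: method in src/nsterm.m has no comment, and the commit message describes it only as silencing a warning, while returning YES is an opt-in to secure coding for restorable state, as the warning text itself says. A short comment above the method stating that, and noting whether the NS port uses AppKit state restoration at all, would tell a later reader why the delegate answers YES and what would have to be checked if state restoration were ever added. The unused `app` parameter is fine for a delegate callback.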

From: Alan Third
To: Eshel Yaron
Cc: 66245@debbugs.gnu.org
Subject: Re: bug#66245: [PATCH] ; Silence macOS 14 warning
Date: Thu, 28 Sep 2023 11:35:29 +0100

On Wed, Sep 27, 2023 at 09:00:45PM +0200, Eshel Yaron via Bug reports for GNU Emacs, the Swiss army knife of text editors wrote:
> Tags: patch
>
> Hi,
>
> After updating to macOS 14 (and rebuilding Emacs), I see the following
> warning whenever I start Emacs:
>
>   WARNING: Secure coding is not enabled for restorable state! Enable secure coding by implementing NSApplicationDelegate.applicationSupportsSecureRestorableState: and returning YES.
>
> This patch does exactly what the warning suggests, and it silences the
> warning.
>
> TBH I'm not entirely sure I understand the implications of implementing
> `applicationSupportsSecureRestorableState`.  IIUC it makes Emacs opt-in
> to the "secure state restoration" mechanism in contrast to a former
> (supposedly less secure) mechanism, but AFAICT Emacs doesn't opt-in to
> state restoration in the NS port in the first place...

A description of what this fixes is here:

https://sector7.computest.nl/post/2022-08-process-injection-breaking-all-macos-security-layers-with-a-single-vulnerability/

I'm not sure if making this change will affect us, as I don't think we
support saved states, although I could be wrong.

Is it possible for you to try a before and after test of how Emacs
handles saving the state over a reboot? That is, have a running Emacs
with open files and reboot, tick the "reopen windows when logging back
in" option, and see if it behaves differently with this patch applied
and not applied?

If it doesn't then I think this is probably safe and won't affect us,
so we should apply it. Otherwise we'll need to examine what's changed
and see if we can work around it.

Thanks!
-- 
Alan Third

From: Eshel Yaron
To: Alan Third
Cc: 66245@debbugs.gnu.org
Subject: Re: bug#66245: [PATCH] ; Silence macOS 14 warning
Date: Thu, 28 Sep 2023 15:46:36 +0200

Hi Alan,

> I'm not sure if making this change will affect us, as I don't think we
> support saved states, although I could be wrong.

Yes, that's what I thought too.

> Is it possible for you to try a before and after test of how Emacs
> handles saving the state over a reboot? That is, have a running Emacs
> with open files and reboot, tick the "reopen windows when logging back
> in" option, and see if it behaves differently with this patch applied
> and not applied?

I tried that now, and I couldn't see any difference.  With and without
my patch, Emacs starts after reboot and shows the usual *scratch*
buffer, with no sign of the buffers/files that I had open before
rebooting.  (That could have been nice though!)

From: Alan Third
To: Eshel Yaron
Cc: 66245@debbugs.gnu.org
Subject: Re: bug#66245: [PATCH] ; Silence macOS 14 warning
Date: Thu, 28 Sep 2023 22:47:34 +0100

On Thu, Sep 28, 2023 at 03:46:36PM +0200, Eshel Yaron wrote:
> > Is it possible for you to try a before and after test of how Emacs
> > handles saving the state over a reboot? That is, have a running Emacs
> > with open files and reboot, tick the "reopen windows when logging back
> > in" option, and see if it behaves differently with this patch applied
> > and not applied?
>
> I tried that now, and I couldn't see any difference.  With and without
> my patch, Emacs starts after reboot and shows the usual *scratch*
> buffer, with no sign of the buffers/files that I had open before
> rebooting.  (That could have been nice though!)

Thank you for testing that.

I think this should go into emacs-29, but it's unclear to me what the
(security) implications are. This change is required to fix
CVE-2021-30873, which is rated "high", however it's over a year old at
this point, and given that Apple are requiring us to explicitly set
this in our code rather than forcing it on us, does that mean they
don't consider it that big of a deal?

Eli, Stefan, any thoughts? Does this look bad enough to force a new
Emacs 29 release?

The link with the in-depth explanation again:

https://sector7.computest.nl/post/2022-08-process-injection-breaking-all-macos-security-layers-with-a-single-vulnerability/

CVE info:

https://nvd.nist.gov/vuln/detail/CVE-2021-30873

-- 
Alan Third

From: Stefan Kangas
To: Alan Third, Eshel Yaron
Cc: 66245@debbugs.gnu.org
Subject: Re: bug#66245: [PATCH] ; Silence macOS 14 warning
Date: Thu, 28 Sep 2023 15:16:21 -0700

Alan Third writes:

> Eli, Stefan, any thoughts? Does this look bad enough to force a new
> Emacs 29 release?
>
> The link with the in-depth explanation again:
>
> https://sector7.computest.nl/post/2022-08-process-injection-breaking-all-macos-security-layers-with-a-single-vulnerability/

Let's see if I understand this right.

Without this code, are we enabling malicious processes to escape the
macOS sandbox, and gain the same privileges as the Emacs process?

It is presumably easy for some malware to just test all processes on the
machine until one is found to be vulnerable, right?  So they don't have
to specifically target Emacs?

The full exploit chain there is not very easy to understand, but it
seems like several techniques are used for some of the more nasty stuff,
and some of the steps have been fixed already.  There can be other ways
to do the same thing of course.  So I'm not sure what to say about the
urgency of fixing this; it could be urgent, or it could wait until 29.2.
What is your view?

Another thing.  The link says:

    Nevertheless, if you write an Objective-C application, please make
    sure you add -applicationSupportsSecureRestorableState: to return
    TRUE and to adapt secure coding for all classes used for your saved
    states!

Do we use "secure coding for all classes used for saved states", or does
that also need to be fixed?

BTW, any idea why we're only hearing about it now?

From: Alan Third
To: Stefan Kangas
Cc: 66245@debbugs.gnu.org, Eshel Yaron
Subject: Re: bug#66245: [PATCH] ; Silence macOS 14 warning
Date: Thu, 28 Sep 2023 23:37:41 +0100

On Thu, Sep 28, 2023 at 03:16:21PM -0700, Stefan Kangas wrote:
> Alan Third writes:
>
> > Eli, Stefan, any thoughts? Does this look bad enough to force a new
> > Emacs 29 release?
> >
> > The link with the in-depth explanation again:
> >
> > https://sector7.computest.nl/post/2022-08-process-injection-breaking-all-macos-security-layers-with-a-single-vulnerability/
>
> Let's see if I understand this right.
>
> Without this code, are we enabling malicious processes to escape the
> macOS sandbox, and gain the same privileges as the Emacs process?

As I understand it, yes. I'm not sure that Emacs has any particularly
noteworthy privileges, though. The example they give is an application
that has installer type privileges, which I doubt Emacs would ever
have or need.

> It is presumably easy for some malware to just test all processes on the
> machine until one is found to be vulnerable, right?  So they don't have
> to specifically target Emacs?

Possibly. I'm not entirely clear. I think the process is to create a
fake "state" file and put it in the right place on the user's machine
and the next time they reboot it will use that file.

> The full exploit chain there is not very easy to understand, but it
> seems like several techniques are used for some of the more nasty stuff,
> and some of the steps have been fixed already.  There can be other ways
> to do the same thing of course.  So I'm not sure what to say about the
> urgency of fixing this; it could be urgent, or it could wait until 29.2.
> What is your view?

I'm not sure either. Is there a rough timeline for the release of
29.2? I feel like this is perhaps not very urgent, but if we're
talking, say, three or four months or more we maybe don't want to wait
that long.

> Another thing.  The link says:
>
>     Nevertheless, if you write an Objective-C application, please make
>     sure you add -applicationSupportsSecureRestorableState: to return
>     TRUE and to adapt secure coding for all classes used for your saved
>     states!
>
> Do we use "secure coding for all classes used for saved states", or does
> that also need to be fixed?

I believe that's what Eshel's patch does.

> BTW, any idea why we're only hearing about it now?

I guess Eshel's the first person to try building with the relevant
version of xcode who's noticed and reported the message. However that
version of xcode must have come out over a year ago (going by the date
on that article) so I don't know why nobody's noticed it before now.

My Mac is years behind, and I rarely build Emacs on it, so I don't get
these messages at all.

-- 
Alan Third

From: Yuan Fu
To: Alan Third
Cc: 66245@debbugs.gnu.org, Eshel Yaron, Stefan Kangas
Subject: Re: bug#66245: [PATCH] ; Silence macOS 14 warning
Date: Thu, 28 Sep 2023 18:38:07 -0700

>
>> BTW, any idea why we're only hearing about it now?
>
> I guess Eshel's the first person to try building with the relevant
> version of xcode who's noticed and reported the message. However that
> version of xcode must have come out over a year ago (going by the date
> on that article) so I don't know why nobody's noticed it before now.
>
> My Mac is years behind, and I rarely build Emacs on it, so I don't get
> these messages at all.

MacOS 14 is just released, I think. I’ve been building Emacs on macOS 13 and haven’t seen this warning.

Yuan
From: =?utf-8?Q?Gerd_M=C3=B6llmann?= To: Stefan Kangas Subject: Re: bug#66245: [PATCH] ; Silence macOS 14 warning In-Reply-To: (Stefan Kangas's message of "Thu, 28 Sep 2023 15:16:21 -0700") References: Date: Fri, 29 Sep 2023 11:21:59 +0200 Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 66245 Cc: 66245@debbugs.gnu.org, Alan Third , Eshel Yaron X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Stefan Kangas writes: > Alan Third writes: > >> Eli, Stefan, any thoughts? Does this look bad enough to force a new >> Emacs 29 release? >> >> The link with the in-depth explanation again: >> >> https://sector7.computest.nl/post/2022-08-process-injection-breaking-all-macos-security-layers-with-a-single-vulnerability/ > > Let's see if I understand this right. > > Without this code, are we enabling malicious processes to escape the > macOS sandbox, and gain the same privileges as the Emacs process? Well, not that drastically... From the release notes of macOS 12 Appkit (we're now at 14). https://developer.apple.com/documentation/macos-release-notes/appkit-release-notes-for-macos-12?changes=lat__5_3 Restorable State To enable secure coding for a restorable state, implement applicationSupportsSecureRestorableState(_:). When opted in: The system requires classes passed to restorationClass to explicitly conform to NSWindowRestoration. ... I understand that as meaning that this switches on additional checks in Appkit. That should be okay for Emacs because it doesn't use this feature of Appkit, at least AFAIK. > It is presumably easy for some malware to just test all processes on the > machine until one is found to be vulnerable, right? 
So they don't have > to specifically target Emacs? > > The full exploit chain there is not very easy to understand, but it > seems like several techniques are used for some of the more nasty stuff, > and some of the steps have been fixed already. There can be other ways > to do the same thing of course. So I'm not sure what to say about the > urgency of fixing this; it could be urgent, or it could wait until 29.2. > What is your view? > > Another thing. The link says: > > Nevertheless, if you write an Objective-C application, please make > sure you add -applicationSupportsSecureRestorableState: to return > TRUE and to adapt secure coding for all classes used for your saved > states! > > Do we use "secure coding for all classes used for saved states", or does > that also need to be fixed? > > BTW, any idea why we're only hearing about it now? I guess Apple is more and more turning on "Secure Coding" stuff in their libs. From debbugs-submit-bounces@debbugs.gnu.org Fri Sep 29 05:35:17 2023 Received: (at 66245) by debbugs.gnu.org; 29 Sep 2023 09:35:17 +0000 Received: from localhost ([127.0.0.1]:55350 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qm9u1-0005If-2h for submit@debbugs.gnu.org; Fri, 29 Sep 2023 05:35:17 -0400 Received: from mail-lj1-x230.google.com ([2a00:1450:4864:20::230]:50686) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qm9tx-0005IL-H4 for 66245@debbugs.gnu.org; Fri, 29 Sep 2023 05:35:15 -0400 Received: by mail-lj1-x230.google.com with SMTP id 38308e7fff4ca-2c189dabcc3so45074991fa.1 for <66245@debbugs.gnu.org>; Fri, 29 Sep 2023 02:34:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1695980093; x=1696584893; darn=debbugs.gnu.org; h=cc:to:subject:message-id:date:mime-version:references:in-reply-to :from:from:to:cc:subject:date:message-id:reply-to; bh=+CE0CVJk6DjKuLRJuSejKruOCj8ebptFXeRDdIbvNrw=; 
From: Stefan Kangas
To: Alan Third
Cc: 66245@debbugs.gnu.org, eliz@gnu.org, Eshel Yaron
Subject: Re: bug#66245: [PATCH] ; Silence macOS 14 warning
Date: Fri, 29 Sep 2023 02:34:52 -0700

Alan Third writes:

> I'm not sure that Emacs has any particularly noteworthy privileges,
> though. The example they give is an application that has installer
> type privileges, which I doubt Emacs would ever have or need.

One thing we do commonly have, I think, is access to the Documents
directory. OTOH, on GNU/Linux we typically don't really have any
special protection for user files.

>> The full exploit chain there is not very easy to understand, but it
>> seems like several techniques are used for some of the more nasty stuff,
>> and some of the steps have been fixed already. There can be other ways
>> to do the same thing of course. So I'm not sure what to say about the
>> urgency of fixing this; it could be urgent, or it could wait until 29.2.
>> What is your view?
>
> I'm not sure either. Is there a rough timeline for the release of
> 29.2? I feel like this is perhaps not very urgent, but if we're
> talking, say, three or four months or more we maybe don't want to wait
> that long.

I don't think we have a rough timeline for 29.2 as of now.

I'm leaning towards just including this in the next release as usual,
since the bug only affects the macOS port, and anyways, and IIUC,
depends on other things being vulnerable to be exploited. But I'm very
open to being convinced otherwise, if anyone sees any problems with
that.

Eli, do you have any comments here?

From debbugs-submit-bounces@debbugs.gnu.org Fri Sep 29 05:38:52 2023
From: Stefan Kangas
To: Gerd Möllmann
Cc: 66245@debbugs.gnu.org, Alan Third, Eshel Yaron
Subject: Re: bug#66245: [PATCH] ; Silence macOS 14 warning
Date: Fri, 29 Sep 2023 02:38:29 -0700

Gerd Möllmann writes:

>> Without this code, are we enabling malicious processes to escape the
>> macOS sandbox, and gain the same privileges as the Emacs process?
>
> Well, not that drastically... From the release notes of macOS 12 Appkit
> (we're now at 14).
>
> https://developer.apple.com/documentation/macos-release-notes/appkit-release-notes-for-macos-12?changes=lat__5_3
>
>   Restorable State
>
>   To enable secure coding for a restorable state, implement
>   applicationSupportsSecureRestorableState(_:). When opted in:
>
>     The system requires classes passed to restorationClass to
>     explicitly conform to NSWindowRestoration.
>
>     ...
>
> I understand that as meaning that this switches on additional checks in
> Appkit. That should be okay for Emacs because it doesn't use this
> feature of Appkit, at least AFAIK.

Thanks. IIUC, that seems to speak in favor of not making an emergency
release of Emacs 29.2 at this point.

From debbugs-submit-bounces@debbugs.gnu.org Fri Sep 29 06:12:39 2023
From: Gerd Möllmann
To: Stefan Kangas
Cc: 66245@debbugs.gnu.org, Alan Third, Eshel Yaron
Subject: Re: bug#66245: [PATCH] ; Silence macOS 14 warning
In-Reply-To: (Stefan Kangas's message of "Fri, 29 Sep 2023 02:38:29 -0700")
Date: Fri, 29 Sep 2023 12:11:50 +0200

Stefan Kangas writes:

> Gerd Möllmann writes:
>
>>> Without this code, are we enabling malicious processes to escape the
>>> macOS sandbox, and gain the same privileges as the Emacs process?
>>
>> Well, not that drastically... From the release notes of macOS 12 Appkit
>> (we're now at 14).
>>
>> https://developer.apple.com/documentation/macos-release-notes/appkit-release-notes-for-macos-12?changes=lat__5_3
>>
>>   Restorable State
>>
>>   To enable secure coding for a restorable state, implement
>>   applicationSupportsSecureRestorableState(_:). When opted in:
>>
>>     The system requires classes passed to restorationClass to
>>     explicitly conform to NSWindowRestoration.
>>
>>     ...
>>
>> I understand that as meaning that this switches on additional checks in
>> Appkit. That should be okay for Emacs because it doesn't use this
>> feature of Appkit, at least AFAIK.
>
> Thanks. IIUC, that seems to speak in favor of not making an emergency
> release of Emacs 29.2 at this point.

I agree. The new method would just enable "secure coding" for
restorable state on macOS < 14 (it's the default in 14), but since we're
not using this stuff to begin with, it's kind of pointless.

From debbugs-submit-bounces@debbugs.gnu.org Fri Sep 29 07:36:30 2023
From: Stefan Kangas
To: Eshel Yaron, 66245-done@debbugs.gnu.org
Subject: Re: bug#66245: [PATCH] ; Silence macOS 14 warning
Date: Fri, 29 Sep 2023 04:35:57 -0700

Version: 29.2

Eshel Yaron via "Bug reports for GNU Emacs, the Swiss army knife of text
editors" writes:

> Tags: patch
>
> Hi,
>
> After updating to macOS 14 (and rebuilding Emacs), I see the following
> warning whenever I start Emacs:
>
>   WARNING: Secure coding is not enabled for restorable state! Enable secure coding by implementing NSApplicationDelegate.applicationSupportsSecureRestorableState: and returning YES.
>
> This patch does exactly what the warning suggests, and it silences the
> warning.

Thanks, this patch is now installed on emacs-29 ([1: a4185f87bd0]).

I'm also closing the bug, but this obviously doesn't preclude further
discussion.

[1: a4185f87bd0]: 2023-09-29 13:32:55 +0200
  ; Silence macOS 14 warning
  https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=a4185f87bd0e5c129ce93a56b5a3330e2d6b1776

From debbugs-submit-bounces@debbugs.gnu.org Fri Sep 29 10:56:38 2023
Date: Fri, 29 Sep 2023 17:55:47 +0300
From: Eli Zaretskii
To: Alan Third
Cc: 66245@debbugs.gnu.org, me@eshelyaron.com
Subject: Re: bug#66245: [PATCH] ; Silence macOS 14 warning
In-Reply-To: (message from Alan Third on Thu, 28 Sep 2023 22:47:34 +0100)

> Cc: 66245@debbugs.gnu.org
> Date: Thu, 28 Sep 2023 22:47:34 +0100
> From: Alan Third
>
> Eli, Stefan, any thoughts? Does this look bad enough to force a new
> Emacs 29 release?

I don't understand this issue clearly enough to have an opinion, so I
trust you guys to decide whether this is important.

In any case, if we are worth our salt, Emacs 29.2 should be just a month
or two away, so I wouldn't make any emergency releases before that, just
for this issue. After all, it isn't like Emacs doesn't work, it just
annoys you with a message at startup, right?

From debbugs-submit-bounces@debbugs.gnu.org Fri Sep 29 11:11:44 2023
Date: Fri, 29 Sep 2023 18:10:56 +0300
From: Eli Zaretskii
To: Stefan Kangas
Cc: 66245@debbugs.gnu.org, alan@idiocy.org, me@eshelyaron.com
Subject: Re: bug#66245: [PATCH] ; Silence macOS 14 warning
In-Reply-To: (message from Stefan Kangas on Fri, 29 Sep 2023 02:34:52 -0700)

> From: Stefan Kangas
> Date: Fri, 29 Sep 2023 02:34:52 -0700
> Cc: Eshel Yaron, 66245@debbugs.gnu.org, eliz@gnu.org
>
> Eli, do you have any comments here?

I had a hard time catching up on all the emails for the last 2 days, but
I finally posted a response a few minutes ago.

From debbugs-submit-bounces@debbugs.gnu.org Fri Sep 29 11:36:54 2023
Date: Fri, 29 Sep 2023 16:36:22 +0100
From: Alan Third
To: Gerd Möllmann
Cc: 66245@debbugs.gnu.org, Eshel Yaron, Stefan Kangas
Subject: Re: bug#66245: [PATCH] ; Silence macOS 14 warning

On Fri, Sep 29, 2023 at 12:11:50PM +0200, Gerd Möllmann wrote:
> >> I understand that as meaning that this switches on additional checks in
> >> Appkit. That should be okay for Emacs because it doesn't use this
> >> feature of Appkit, at least AFAIK.
> >
> > Thanks. IIUC, that seems to speak in favor of not making an emergency
> > release of Emacs 29.2 at this point.
>
> I agree. The new method would just enable "secure coding" for
> restorable state on macOS < 14 (it's the default in 14), but since we're
> not using this stuff to begin with, it's kind of pointless.

Not quite true according to the long description linked elsewhere.
Saved state is turned on automatically and it seems there's no way to
opt out. As I understand it that means that even though we don't make
use of it the vulnerable code still executes.

I do agree though that it's probably not worth making an emergency
release.

--
Alan Third

From debbugs-submit-bounces@debbugs.gnu.org Sat Sep 30 19:04:51 2023
From: Stefan Kangas
To: control@debbugs.gnu.org
Date: Sat, 30 Sep 2023 16:04:25 -0700

forcemerge 66245 66269
thanks

From unknown Tue Jun 17 01:48:04 2025
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request
Subject: Internal Control
Message-Id: bug archived.
Date: Sun, 29 Oct 2023 11:24:08 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator