GNU bug report logs - #66245
[PATCH] ; Silence macOS 14 warning

Previous Next

Full log

View this message in rfc822 format

From: Gerd Möllmann <gerd.moellmann <at> gmail.com>
To: Stefan Kangas <stefankangas <at> gmail.com>
Cc: 66245 <at> debbugs.gnu.org, Alan Third <alan <at> idiocy.org>, Eshel Yaron <me <at> eshelyaron.com>
Subject: bug#66245: [PATCH] ; Silence macOS 14 warning
Date: Fri, 29 Sep 2023 12:11:50 +0200

Stefan Kangas <stefankangas <at> gmail.com> writes:

> Gerd Möllmann <gerd.moellmann <at> gmail.com> writes:
>
>>> Without this code, are we enabling malicious processes to escape the
>>> macOS sandbox, and gain the same privileges as the Emacs process?
>>
>> Well, not that drastically...  From the release notes of macOS 12 Appkit
>> (we're now at 14).
>>
>> https://developer.apple.com/documentation/macos-release-notes/appkit-release-notes-for-macos-12?changes=lat__5_3
>>
>> Restorable State
>>
>>     To enable secure coding for a restorable state, implement
>>     applicationSupportsSecureRestorableState(_:). When opted in:
>>
>>         The system requires classes passed to restorationClass to
>>         explicitly conform to NSWindowRestoration.
>>
>>         ...
>>
>> I understand that as meaning that this switches on additional checks in
>> Appkit.  That should be okay for Emacs because it doesn't use this
>> feature of Appkit, at least AFAIK.
>
> Thanks.  IIUC, that seems to speak in favor of not making an emergency
> release of Emacs 29.2 at this point.

I agree.  The new method would just enable "secure coding" for
restorable state on macOS < 14 (it's the default in 14), but since we're
not using this stuff to begin with, it's kind of pointless.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.