11/11/2022 0 Comments Sheepshaver closes immediatelyI also test every release of every app I make available here by adding a quarantine flag and checking that it opens correctly they invariably do, and confirm that the app has been correctly notarised too. I’m not aware that they should cause any problems in translocation, unless macOS decides to intervene. I introduced these some years ago, at a time when such checks were only performed when quarantined apps were first run. Most of my apps do something a little unusual when they first start up: they perform a check on their own signature, to ensure that they haven’t been damaged or tampered with. The tell-tale sign in the crash report is the path given for the crashed app, which reveals that it was launched in translocation, from a path such as /private/var/folders/*/MyNew.app/Contents/MacOS/MyNew. Instead of the app opening and clearing quarantine, macOS decides to crash the app, and it doesn’t complete that first run, so will be translocated again if it’s run from the same location. As debugging translocation problems is so difficult, it’s hard to discover why. There you’ll see entries describing the creation of the translocation directory, typically at a location something like /private/var/folders/4d/x76c3kn158q0mvbcjh8dy12h0000gn/T/AppTranslocation/FD855598-DFCA-4A82-9A0D-229C0C99035B/d/MyNew.appĮvery now and then, this doesn’t work to plan. You’ll only notice translocation taking place when you examine the log for the app’s first run. Nine times out of ten, the user isn’t aware of this: the app runs fine, and the next time, with its quarantine flag cleared, it works exactly as expected, without translocation taking place. If they now try running SilentKnight without moving it, macOS is almost certain to translocate it for that first run. It arrives in their ~/Downloads folder, where they unarchive it into its own folder. Take the example of someone who downloads SilentKnight from here. the app hasn’t been moved by the Finder from the location it was unarchived or downloaded to, wherever that was.the app must be opened by Launch Services (normally the Finder) rather than a command shell.When the following apply, the first time that you run any quarantined app on your Mac, it will be translocated to a random read-only location within that system volume group: Read Jeff Johnson’s detailed exploration from six years ago, and the rules he discovered then might make this appear more credible. None of my apps works with plug-ins, and none is distributed with them, so you might be puzzled as to why this should apply to anything you’ve downloaded from here. This is designed to prevent the automatic loading of plug-ins distributed alongside the app.” When necessary, Gatekeeper opens apps from randomized, read-only locations. Here, using the app triggers the loading of a malicious plug-in without the user’s knowledge. “Gatekeeper also protects against the distribution of malicious plug-ins with benign apps. The closest that I’ve come is a vague mention in the Platform Security Guide: This article explains what is happening, and the simple solution.Īlthough introduced six years ago in macOS Sierra, I’ve been unable to find any clear account of app translocation in Apple’s developer or security documentation. When they attach a crash report, it usually takes me just a few seconds to work out why this is: it’s almost invariably because of translocation, a macOS security mechanism that isn’t widely known. #Sheepshaver closes immediately freeEvery couple of weeks, someone trying to run one of my free apps contacts me to report that the app they downloaded crashes whenever they try to run it.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |