Post

Replies

Boosts

Views

Activity

Reply to NSWorkspace is broken on Big Sur
Thanks a lot! Yeah, I've also quickly checked just now. Seems to be working fine and should cover our use case. I still hope that Apple would at least respond or just silently fix it (as they did with other bugs I've reported) because I think NSWorkspace should work :) But at least now there is a workaround in case it's not fixed in time. That's already good news.
Aug ’20
Reply to How to trigger ES_EVENT_TYPE_AUTH_COPYFILE Endpoint Security event
Hello, Quinn! Thanks a lot for your assist on this. I was struggling a bit with connecting to an AFP server. For some reason, it was rejecting all my connection attempts and no solutions I found online helped me. But I tried connecting to a SMB server and duplicating the file on a remote SMB server and this produces the same copyfile sys call. So it was a success in the end. I also managed to verify that our es_client instance correctly identifies this new event when I duplicate a file on a remote SMB server and handles it accordingly. So looks like it's working as designed. Our biggest worry was that this a somewhat recently added event and as soon as Monterey is dropped, we will be missing events that we need to evaluate. But it does not look that way so far. As far as I can see, the use case for this sys call is pretty narrow, isn't it? Best regards, Arthur
Sep ’21
Reply to How to trigger ES_EVENT_TYPE_AUTH_COPYFILE Endpoint Security event
That's great news! We already subscribe to quite a wide range of events from Endpoint Security APIs including ES_EVENT_TYPE_AUTH_CLONE for file clone operations. But we are still planning to add ES_EVENT_TYPE_AUTH_COPYFILE support. But it just means that adding the support is not that critical to have as soon as Monterey is out as we initially thought. Thanks for your help and assistance (as always :) ) Regards, Arthur
Sep ’21
Reply to App Transport Security (ATS) scope on macOS
a small update. Made a quick test by trying to make a network request to a http address from the daemon side. Got the following error log message: "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection". So it looks like ATS is indeed operational when the daemon is making a network request using URLSession. So the only confusing part was the description of circumstances under which ATS is expected to be enabled.
Mar ’22
Reply to App Transport Security (ATS) scope on macOS
Huh. That's curious because this is not what's happening according to our testing (my last comment above). This is what I am currently observing when a process that runs in the daemon context tries to perform a POST request to a HTTP address. 2022-03-03 11:51:55.384 E daemonnamed[1467:2af9] [subsystem:category] Error occurred while trying to send data: Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x7ffbadf0ddd0 Unknown macro: {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"}, NSErrorFailingURLStringKey=http://concealed, NSErrorFailingURLKey=http://concealed, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.} So if I read this message correctly, ATS is restricting it from performing a network request due to an insecure connection. If I restore the URL to its original form (HTTPS), then the request is successful. is the comment about not having ATS protection in daemon context is about it being limited in some other way? So it's not the same as for user apps?
Mar ’22
Reply to App Transport Security (ATS) scope on macOS
Indeed, this example allows insecure connections which contradicts with our earlier observations. I've made a quick test by setting UserName and GroupName to daemon in the plist. That did not affect the behavior. Insecure connections were still allowed. I have created a feedback about opting in ATS by launchd jobs. Sharing the number for your reference: FB9942862 I will investigate why ATS gets involved in our case. I can think of a few interesting details from the top of my head: our daemon is sandboxed. Could that change the behavior? our daemon binary has an Info.plist embedded into it. Could that make ATS look at it from bundle point of view? it performs POST requests. Could that a reason why ATS gets kicked in?
Mar ’22
Reply to No warning about missing return statement in Objective-C code in SPM
@endecotp. Yes, I think you are right. There should be a warning at least. But in my observation, there is no indication at all. So to be more precise, this is what's happening. If I declare such a method in a class added to an Xcode project, - (BOOL)doTheThing { // do not return anything } then I see a warning from Xcode saying that there is no return statement. And this issue is caught by our CI system which has a very strict policy on warnings. If anyone in the team adds even a single warning, then such a change cannot be merged. But if I add the same method to a Swift package which is linked against the same Xcode project, then there is no clang warning in Xcode about it anymore. So now we have a situation that we have no idea how many other cases like that we have in our codebase because we are totally blind to it as Xcode/clang does not indicate any issue at all...
Oct ’22
Reply to Stuck with "In Review" app review status for 3 weeks
An update on this: Our extension is still under review. It has been over 3 weeks now. Got an update from Developer Support stating that the submission is still under review. To be honest, hard to imagine what you can do with a Safari extension for over 3 weeks review time.. Such cases make it hard to predict when you should expect a CRITICAL update to be delivered to customers..
Oct ’24