Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use the Keka helper to get rid of the compression Keka quarantine flag #405

Open
aonez opened this issue May 2, 2019 · 5 comments

Comments

Projects
None yet
2 participants
@aonez
Copy link
Owner

commented May 2, 2019

Since compressed files from a sandboxed app are set with a quarantine flag, give the option to remove that flag, using the Keka helper currently used for setting Keka as the default app.

Asked by Jérôme via mail.

@aonez aonez added this to the 1.2.0 milestone May 2, 2019

@aonez aonez self-assigned this May 2, 2019

@alvarnell

This comment has been minimized.

Copy link

commented May 3, 2019

Which disables all macOS file security features. Why would anyone want to do that?

@aonez

This comment has been minimized.

Copy link
Owner Author

commented May 3, 2019

@alvarnell this only applies to newly compressed files. There's a sandbox key that prevents this quarantine to apply, but it's no allowed by Apple in third party apps: com.apple.security.files.user-selected.executable

For example TextEdit.app uses that key and you can see that any new file you create with TextEdit does not have the quarantine flag. In my opinion this key should be allowed in some third party apps.

@alvarnell

This comment has been minimized.

Copy link

commented May 3, 2019

Got it. I've been following Howard Oakley's discussion of this in a couple of articles:
https://eclecticlight.co/2019/04/26/🎗-quarantine-documents/
https://eclecticlight.co/2019/05/03/serious-flaw-in-macos-quarantine-can-stop-you-from-opening-documents/

His conclusion and that of "Martin" is that this is a bug that Apple needs to fix and there is a Radar number at the end you can reference should you decide to take that route.

@aonez

This comment has been minimized.

Copy link
Owner Author

commented May 4, 2019

Thanks for the references @alvarnell. I really did a lot of research and tests for your ticket #176, #293 and #294. Just now found an issue trying to update an uncompressed Keka build to test #407 & #408, where the quarantine flag made Keka open in translocation and therefore the update process fail.

Hopefully they'll fix this in the future.

@alvarnell

This comment has been minimized.

Copy link

commented May 5, 2019

A couple more recent postings.
The Radar is now viewable as an OpenRadar:
https://openradar.appspot.com/radar?id=4985000587952128

And more from Howard where it seems the root cause is the XProtect process:
https://eclecticlight.co/2019/05/04/documents-from-an-unidentified-developer-quarantine-misbehaviour-in-the-log/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.