-
Notifications
You must be signed in to change notification settings - Fork 60
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Better integration with macOS 10.15 Catalina security features #94
Comments
I think this should be improved in the latest nightly builds. I re-wrote the launcher in rust so it compiles to a native binary. This should show up and integrate better. I haven't been able to test it because my system never complains about this for some reason I don't understand. |
To be clear, this change is not in the version 28.1 released today, right? Just nightlies? (I downloaded the 28.1 release and it still has the problem) |
Correct. I was hoping to get some feedback from the nightly builds (where any unforseen breakage is mostly ok) before rebuilding the stable version with the change. Specifically, the nightly build from 2022-04-05 has the (alleged) fix. |
Version |
@caldwell Is this the right forum for such a discussion? I'm loathe to open a new Issue for discussion; I also considered a comment on bfe57e0 but this seems like it's a bit better. First of all, thanks for porting the Ruby launcher to Rust. This definitely seems like the right way to go! I'm not a Rust developer, so please bear with me, but I'm concerned that the above change seems to invoke the login shell (usually That does not seem correct behavior if I run I can understand why you might want to do this when Emacs is invoked from launchd or Dock or whatever the Finder mechanism is. If that's the case, I'm not sure this is the right mechanism to do so, but maybe it is. But maybe not? Historically I have mucked about with So anyhow…this code has me wary. I feel like it will lead to subtle problems and a lot of corner-cases and most users won't notice it (until they do), so I wanted to raise it now, early in the process. Also, I tend to think that this is a very strange practice to use the environment to alter the behavior of the launcher, and that it would be better to use a command-line argument, i.e. Also, do I read the Rust code properly that it sets Thanks. |
I agree. That is an oversight on my part—too fixated on "my way" of launching emacs—I use
The problem is that Apple has been changing and restricting what env vars can be set for all processes over time. I've gone through all the steps you listed. At the moment I think the only way is to replicate everything in emacs lisp, or some other lispy solution but those all feel like terrible hacks. This is also terrible but slightly less so, I think—I think a programmer's editor inheriting your .bashrc nonsense nonsense automatically is what most people expect (there have been a lot of bug reports and emails over the years asking me about this). Honestly I've had the equivalent changes for the old Ruby launcher sitting around uncommitted in my local dev directory for literally years because I have the same basic misgivings as you. I finally gave up and just did it. I think it'll be ok.
I thought about that of course, but the env var was easier to implement, only shows up in one place, and is completely internal.
Do you mean in this line? let env_raw = Command::new(std::env::var_os("SHELL").unwrap_or(osstr("sh"))).args([osstr("--login"), osstr("-c"), std::env::current_exe()?.into_os_string()]) In that line it's using Thanks |
Thanks. A fix to detect the Finder sounds pretty good. I can't shake the feeling that something has gone horribly wrong that this is necessary, but I don't have anything better to offer, and I'm not suggesting it's your fault.
I did, and thanks for clarifying. It can certainly happen! It's not crazy-rare for people to run things like As a footnote, I got around to downloading the nightly binary (it shrunk from 85MB to 68MB, did something go wrong?), and I definitely did not expect this degree of obfuscation:
I'm not saying this is a real problem, but…I can imagine someone hating you in the future for it. |
True, but I was already thinking in terms of detecting being opened from Finder and I don't think it's possible there. It certainly seems very difficult to get Finder to do that on purpose.
No, that's the result of switching the .dmg format back to HFS+. I had to switch away because Big Sur's
I hate that too—that's Rust being picky since technically there's no guarantee that the values aren't almost pure random binary (aside from |
…nched from Finder We detect this by checking the parent process id, which is 1 when launched via launch services. Thanks to johnhawkinson for pointing this out here: #94 (comment)
In order for Emacs.app to access files when running under macOS 10.15 Catalina, it appears to be necessary to manually grant Full Disk Access permissions to not only Emacs.app but also to
/usr/bin/ruby
, as detailed at https://spin.atomicobject.com/2019/12/12/fixing-emacs-macos-catalina/. That seems unsafe, as that grants those permissions to any arbitrary Ruby script, not just the launcher code for Emacs. The Ruby launch script appears to require the user to degrade their system security in order to use Emacs.Would it be possible for there to be better integration between Emacs and the security features of Mac OS 10.15 so this was not necessary?
The text was updated successfully, but these errors were encountered: