[cfarm-users] New Apple Mac M1 machine (gcc304)
Mark Adler
farm at madler.net
Tue Mar 23 17:50:22 CET 2021
macOS now has extensive protection against the execution of hostile code. I can certainly use lldb to debug. However when I want to execute the code, I get this:
I only get this once, where it remembers for that terminal session. I could have enabled Developer mode to avoid these entirely, but I prefer to leave the protection in place.
When coming in on ssh, you can’t get a window like that, and even if you did, you don’t have an administrator password. I think that Developer mode would need to be enabled, and add all the users to the developer group. Developer mode should leave you with no worse protection than the Linux machines.
> On Mar 23, 2021, at 8:02 AM, Vladimir Makarov via cfarm-users <cfarm-users at lists.tetaneutral.net> wrote:
>
>
> On 2021-03-22 8:31 p.m., Assaf Gordon via cfarm-users wrote:
>> 5. Enabling "Developer Mode" is being investigated.
>> As it is a shared (and semi-public) machine, what are the security
>> implications of enabling it - e.g.
>> - what are the security implementations?
>> - can you attach to any of the user processes?
>> - can it leads to privilege escalations?
>> - can you only use Apple-signed lldb, or any debugger?
>> - will it compromise SIP ( https://en.wikipedia.org/wiki/System_Integrity_Protection ) ?
>
> How the developer mode is different from compiler farm linux machines? We have there debuggers which can attach to user processes.
>
> I can hardly name any machine w/o debugger a developer machine.
>
>
> _______________________________________________
> cfarm-users mailing list
> cfarm-users at lists.tetaneutral.net
> https://lists.tetaneutral.net/listinfo/cfarm-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.tetaneutral.net/pipermail/cfarm-users/attachments/20210323/daa00152/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2021-03-23 at 9.36.35 AM.png
Type: image/png
Size: 155029 bytes
Desc: not available
URL: <http://lists.tetaneutral.net/pipermail/cfarm-users/attachments/20210323/daa00152/attachment-0001.png>
More information about the cfarm-users
mailing list