
Comment by zimpenfish

5 years ago

IIRC, from vague memories of things flying past, Big Sur won't let a modified binary run once it's been checked by Gatekeeper. Which means the first run gets checked and notarised but when you add the `index.html`, the on-disk binary has changed and Gatekeeper won't allow it to run - I guess it's to prevent malicious code modifications, etc.

Oh wow that's good to know. Maybe you have to do something like `cat foo.com >foo2.com` after you've modified it with the zip tool.

It's good from a security perspective, but it's also a nightmare to know that the mothership knows everything you run on your machine.

This will also prevent distribution from outside of their appstore, given it will prevent updates.

So, as with anything Apple, the word security here is being used as code for personal machines remotely controlled by the mothership.

You trade privacy and freedoms for a little convenience.

  • > This will also prevent distribution from outside of their appstore, given it will prevent updates.

    I think that if an app is correctly codesigned, Gatekeeper has no issue with it. Also if it's not correctly codesigned but you've ticked "allow unsigned binaries", you can still run them.

    > the mothership knows everything you run on your machine

    I can't remember the details from the last time this came up but IIRC it only sends a hash and possibly even then only the first time you launch it. Either way, they're not going to block out-of-appstore distribution except if you're a known malicious actor.

Yeah, but this isn't Big Sur, it's Catalina. But maybe it's the same protection there as well?

The binary didn't work on Ubuntu 18.04 or CentOS 8 either, but I'll report an issue later on today.