
Comment by marcan_42

4 years ago

The shift to moving the Mach-O parsing from iBoot to kmutil has positive security implications. Adding a raw input option on top of that has zero additional security implications. It's a strict subset of the attack surface.

I believe parent is not talking about the security implications of the contributions themselves, but the security implications of the act of making contributions as an Apple employee. And it’s a reasonable assumption; from my (not many) interactions with Apple employees in the OSS world, they are generally very careful about doing this sort of thing, and I would be very, very surprised if not at least a few managers know about this beforehand.

  • No Apple employees made any OSS contributions here. They just added a tiny feature to an existing Apple tool that happens to make our lives easier.

    • Yes, sorry, the wording I used was misleading. What I meant by “contribution” is in a broad sense “something that helps”, not actual OSS code contributions.