Hacker News new | past | comments | ask | show | jobs | submit login

It's interesting that you chose to omit "over and over again" from the end of the quote. I would also mention to this:

> There are two fundamental flaws in TCC that make this exploit possible

We know that TCC is a major burden for legitimate Mac apps. But is it a major burden for malware? That's the question, and it seems to me the answer is no. There are so many holes in this system, it only stops the good developers who wouldn't stoop to using the countless hacks readily available to malware developers.




> We know that TCC is a major burden for legitimate Mac apps.

It's a burden for me as a user!

My home theater setup is basically just a Mac connected to a projector. Every button on my Harmony remote runs an Applescript. Many of them start with lines like:

    tell application (path to frontmost application) to
Every single time a new application is in front when I run a new script, Mojave and newer pop up a dialog asking if I want to allow my own script to control the front app, which means I need to get up off my chair and grab a mouse to click the button. When I edit a script, it usually resets all of the approvals.

I make very heavy use of Applescript for all sorts of things on my computer. It's one of the things that has kept me on Mac over the years, because there is no broadly-supported equivalent on Windows.

I get the sense that no one at Apple uses Applescript much, though, because if they did, they wouldn't have added an impossible-to-disable feature which renders it effectively useless.


On the theory that I may as well check, just in case something helps —

Does the Harmony process request Apple automation permissions, and is the Harmony process enabled for it if so? (Whatever the parent process of the scripts you're launching is, i.e. Harmony.app in the chain Remote button -> Harmony.app -> Your Apple.scpt)

Does exiting the Harmony process and all scripts, purging all of your events decisions with `tccutil reset AppleEvents`, and then restarting the Harmony process and running a script result in any improvements?


No guarantee this will work and I don’t have a machine to test in front of me but does that still occur if you add your script to either (in order of likelihood) the Automation, Developer Tools or Accessibility groups in the Security & Privacy -> Privacy preferences?


Automation and Accessibility, no. Automation is indeed the relevant panel, but the white-list is per-app being controlled. There's no way I can tell macOS to let my script control any app in the automation panel, nor can I even approve apps ahead of time.

Is Developer Tools new in Catalina, or do I need to install XCode or some such in order for it to appear? Never saw it in Mojave.

Fwiw, at one point I had a 250 rep bounty on this StackExchange question, and got nothing. :(

https://apple.stackexchange.com/questions/339509/edit-tcc-db...


Your argument is much better presented here, and it makes a lot of sense. While I'm not sure whether I agree or not, it does help me understand the viewpoint you're coming from. Thank you for taking the time to reply! I would now paraphrase my current understanding as (correct me if I'm wrong):

'The endless bugs in TCC demonstrate that its burden is not worth the costs to developers.'

What was written in the post did not lead me to understand this, even including the quantity/repetition modifier "over and over again". I think the missing piece for me is the cost to developers bit — without that, it reads as "the bugs prove that this isn't worth the privacy improvement", with that it reads as "the bugs prove that the cost to developers isn't worth the privacy improvement".


It was honestly more of an expression of frustration in the article than an argument. I'm pessimistic that I can do anything to stop the iOS-ification of the Mac.


Locks on your house only protect you from people who use doors. I'm not sure this argument holds up either.


But imagine if you only locked your front door and left your back door completely unlocked all the time. The front door lock would stop honest visitors from entering your home, but they probably didn't need to be stopped anyway, because they would knock before entering. Whereas criminals will neither knock nor use the front door.


We're totally in agreement regarding TCC, but this analogy has a lot of issues. A criminal could also break a window, or—even easier—pick the lock, because the locks on most houses can be trivially broken.

There's a couple reasons locks work IRL despite this, one of which is that they don't really stop honest visitors. You don't usually want anyone coming into your house that you haven't let in yourself, unless they're family members with keys.


Yeah, I don't think these "door lock" analogies are helpful for either side of the argument. The situation with a computer operating system is not analogous.


I think the biggest issue is that it’s been bolted on macOS, so it works nowhere near as well as it does on iOS. I’m sure you’re aware of the many other cases where there’s been holes in the macOS version of some enforcement because it was added later and without considering how it might fit ;)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: