It’s well known that if you drag a file from Finder and drop it into Terminal, the full path of the file will output in Terminal. The same behavior occurs with copy and paste too. This has always been a very convenient but innocuous operation… until macOS 10.15 Catalina. I’ve discovered that on Catalina, pasting a file from Finder not only outputs the file path in Terminal, it also invisibly and permanently grants Terminal access to the file, bypassing any macOS privacy protections!
This is such a weird bug… Or feature?
While it was undocumented, it was a bug. Now that it’s discovered, and (externally) documented, Apple will retroactively declare “it’s a feature.”
Is this a new feature, or just something that has only recently been noticed by the author?
I recall doing this, or something very similar, a decade ago. As I recall, if you had administrative rights, this worked in much earlier versions of macOS; I’m sure we used it to debug normal user accounts.
Maybe this is not specific to the Terminal program? Does this happen for other applications like text editors as a way to convey “user granted access by dragging and dropping the file” for (possibly legacy) programs?
I wouldn’t be surprised if this is a more general “compatibility feature” put into place after access restrictions were introduced to the OS in order to prevent breaking previously working behavior.
Edit: correct auto correct mistakes
skandalfo,
I was thinking the same thing. I take it this file access permission works a bit like SELinux? IMHO despite security benefits SELinux can be extremely unfriendly to users especially when things start to fail silently and you don’t realize why the heck something isn’t working. So I wouldn’t be surprised if this was done by Apple to make things easier for the user, however granting access without any user confirmation is surprising. Maybe Apple wanted to avoid nagging features that looked and worked like UAC on Windows “let’s just assume that the user intended to grant access via drag and drop so it just works without interruption”.
Is this working again? If so, I’ll edit this post…
Edit: Awesome, not sure how/why it went missing, but edit works again!
I can’t tell, and I can’t find anything that says something other than “expanded permissions access”. Presumably, it’s some form of MAC.
The most amazing thing about SELinux is that the tooling has remained so hostile to users after all of these years. It’s almost as if they think making it hard to work with is a security feature. Maybe I’m being naive, but it doesn’t seem like “selmod grant httpd rx --permanent”, or something like that, to abstract the entire process would be that hard to create.
“setenforce permissive” is the first step I take when troubleshooting a problem on RH stuff. If it works after that, I know I get to spend my day fighting SELinux.
This being a compatibility feature is my guess as well. Lots of time spent fighting with SELinux and its obtuse tooling makes me think Apple is implementing mandatory access controls in phases to keep the rioting to a minimum.
I’m still upset as I cannot remotely access files in my Downloads, Documents or Desktop folders from other computers since the upgrade to Catalina. I’ve been using macOS since 2005, and this year after the Catalina upgrade I got myself a Windows 10 machine. Everything works on it, including my 32-bit legacy apps.
mail4asim,
Could you do it through ssh/sshfs? I’ve been using that on Linux and the awesome thing about it is that so long as the OpenSSH server is installed it just works out of the box. There’s no need to configure a separate Samba/FTP daemon and many modern file transfer GUI applications support ssh. IMHO on Linux it’s the fastest, easiest and most reliable way to access files remotely. Very conveniently, rsync just works with it. I always found Windows remote features lacking by comparison. Does Windows 10 have complete support for OpenSSH server & client under its Linux subsystem?
It seems Apple is still terrible at dealing with actual security breaches and bugs. Meanwhile the T2 chip they’re putting in everything has a real purpose of locking out 3rd party repairs and upgrades. For the average user a simple encrypted disk is enough security.
dark2,
There are two forms of security at stake:
1) the owner’s security over his/her own data to protect from unauthorized access (including even Apple itself).
2) Apple’s ability to retain control over owners.
I haven’t read technical details about the T2 chip, does anyone know whether the T2 chip does anything whatsoever for #1? I do know that at least some of its functionality is totally dedicated to the latter category, like denying customer repairs and upgrades such as prohibiting owners from installing standard non-Apple-branded NVMe flash drives in a Mac. Functionality like that serves no purpose for the owner and only exists as an anti-competitive lock-in measure.
The T2 chip now stores the encryption keys for the soldered-in SSD. I believe if the SMC or T2 chips were to fail at the moment, that’s the end of ever getting data off your SSD again. The only way to get those 2 chips fixed is to send it to Apple, who generally does a full board replacement instead of actually fixing it.
dark2,
Fair enough, but I was actually thinking in terms of the latest $6000 Mac Pro where the flash storage is not actually soldered in at all. A recent teardown video covers the hardware in some depth:
https://www.youtube.com/watch?v=xQGfVFpMpuQ
At 3:40 in particular…
Obviously I understand that the decryption keys are tied to the T2 chip, and the hard drive cannot be decrypted without the corresponding T2 keys. But beyond this, requiring users to have an Apple SSD has no security value since the disk itself never sees anything other than the encrypted data. That the Mac Pro rejects 3rd party SSDs seems to be motivated purely by #2 above, which is Apple’s desire to block customers’ ability to buy from competing NVMe manufacturers.
In terms of protecting user data #1, well Intel’s PTT offers the same sort of disk encryption as T2 without blocking an owner’s choices of SSD hardware. The encryption and keys are processed in the PTT module, but the SSD hardware is oblivious to the encryption happening on the data before it even reaches the disk, just as with T2.
Granted, I’m not in the market for a $6K-$50K Mac Pro, so the point may be moot, but if I did own one at home or in a data center environment I’d be really pissed off at Apple for doing this. It’s vendor locking at its worst.