Re: [MacPorts] #66358: sip-workaround / trace mode no longer works on arm64 macOS ≥ 13 due to new security features
MacPorts
noreply at macports.org
Wed Nov 6 22:04:32 UTC 2024
#66358: sip-workaround / trace mode no longer works on arm64 macOS ≥ 13 due to new security features
-------------------------+------------------------------------------
Reporter: reneeotten | Owner: Clemens Lang <neverpanic@…>
Type: defect | Status: reopened
Priority: Normal | Milestone:
Component: base | Version:
Resolution: | Keywords: arm64 ventura sonoma sequoia
Port: |
-------------------------+------------------------------------------
Comment (by markmentovai):
Replying to [comment:68 neverpanic]:
> Thanks, that information is very helpful. Is there some documentation
> that I'm not aware of that explains what `BIND_OPCODE_THREADED` actually
> does, and whether just stripping it from the binaries is a safe operation?
There’s no documentation aside from dyld source. There have been some WWDC
sessions that discuss chained fixups, but only at a high level, not at
this low implementation level. And in any case `BIND_OPCODE_THREADED` was
an older form of chained fixups, before the more recent
`LC_DYLD_CHAINED_FIXUPS` that Apple would have showcased at WWDC. Limited
to arm64e, `BIND_OPCODE_THREADED` was only ever Apple-private.
It’s definitely not safe to strip in general. You’ll lose (at least some)
relocations, which will leave you with a broken executable (except in the
very unlikely event that it only covered some relocations, all of which
are irrelevant to execution). You’d need to interpret
`BIND_OPCODE_THREADED` and translate to a different form.
Without resorting to disabling SIP, I do have another recipe to put
Apple’s executables more under user control:
[https://github.com/markmentovai/bits/blob/main/apple/test/exec_via_dlopen.c
exec_via_dlopen]. I don’t like it as much because it’s not as “pure” or
transparent an environment as the recipe I shared in comment:60, but in
light of comment:67, it has the property that it leaves arm64e as arm64e,
and allows dyld to process `BIND_OPCODE_THREADED` wherever it may validly
be found in an arm64e image. It has another advantage: you don’t have to
rewrite Apple’s executables. There’s no code signature stripping or Mach-O
tweaking involved at all.
{{{
mark at arm-and-hammer zsh% clang -Wall -Wextra -Werror -o /tmp/exec_via_dlopen exec_via_dlopen.c
mark at arm-and-hammer zsh% DYLD_INSERT_LIBRARIES=/tmp/libpreload.dylib /tmp/exec_via_dlopen /bin/ls -dl /bin/ls /bin /
preloaded!
drwxr-xr-x 20 root wheel 640 Oct 22 03:49 /
drwxr-xr-x@ 39 root wheel 1248 Oct 22 03:49 /bin
-rwxr-xr-x 1 root wheel 154624 Oct 22 03:49 /bin/ls
}}}
--
Ticket URL: <https://trac.macports.org/ticket/66358#comment:69>
MacPorts <https://www.macports.org/>
Ports system for macOS
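The comment above says that `BIND_OPCODE_THREADED` cannot simply be stripped from an arm64e image without losing relocations. The check a practitioner wants before attempting any Mach-O rewriting is therefore whether an image actually carries that opcode (in the `LC_DYLD_INFO` bind stream) or the newer `LC_DYLD_CHAINED_FIXUPS` load command. The following scanner is an added example, not Mark Mentovai's `exec_via_dlopen` and not MacPorts code. The constants and struct layouts mirror `<mach-o/loader.h>` but are defined inline so it builds on any platform; the arm64e sample image is constructed in memory, and the function names (`count_threaded`, `scan_image`, `build_sample`, `threaded_opcodes_in_sample`) are my own.

```c
/* Added example: report whether a 64-bit Mach-O image in memory uses
 * BIND_OPCODE_THREADED (old chained-fixup form, arm64e only) and/or the newer
 * LC_DYLD_CHAINED_FIXUPS load command. Constants mirror <mach-o/loader.h>. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MH_MAGIC_64 0xfeedfacfu
#define CPU_TYPE_ARM64 0x0100000c
#define CPU_SUBTYPE_ARM64E 2
#define LC_DYLD_INFO 0x22u
#define LC_DYLD_INFO_ONLY 0x80000022u
#define LC_DYLD_CHAINED_FIXUPS 0x80000034u
#define BIND_OPCODE_MASK 0xF0
#define BIND_IMMEDIATE_MASK 0x0F
#define BIND_OPCODE_DONE 0x00
#define BIND_OPCODE_SET_DYLIB_ORDINAL_IMM 0x10
#define BIND_OPCODE_SET_DYLIB_ORDINAL_ULEB 0x20
#define BIND_OPCODE_SET_SYMBOL_TRAILING_FLAGS_IMM 0x40
#define BIND_OPCODE_SET_TYPE_IMM 0x50
#define BIND_OPCODE_SET_ADDEND_SLEB 0x60
#define BIND_OPCODE_SET_SEGMENT_AND_OFFSET_ULEB 0x70
#define BIND_OPCODE_ADD_ADDR_ULEB 0x80
#define BIND_OPCODE_DO_BIND 0x90
#define BIND_OPCODE_DO_BIND_ADD_ADDR_ULEB 0xA0
#define BIND_OPCODE_DO_BIND_ULEB_TIMES_SKIPPING_ULEB 0xC0
#define BIND_OPCODE_THREADED 0xD0 /* imm 0 = SET_BIND_ORDINAL_TABLE_SIZE_ULEB, imm 1 = APPLY */

struct mach_header_64 { uint32_t magic; int32_t cputype, cpusubtype; uint32_t filetype, ncmds, sizeofcmds, flags, reserved; };
struct load_command { uint32_t cmd, cmdsize; };
struct dyld_info_command { uint32_t cmd, cmdsize, rebase_off, rebase_size, bind_off, bind_size,
                           weak_bind_off, weak_bind_size, lazy_bind_off, lazy_bind_size, export_off, export_size; };
struct fixup_report { int is_arm64e; int has_chained_fixups_lc; int threaded_opcodes; };

/* Step over one LEB128 operand without decoding it. */
static size_t skip_leb(const uint8_t *p, size_t n) {
    size_t i = 0;
    while (i < n && (p[i] & 0x80)) i++;
    return i < n ? i + 1 : n;
}

/* Count BIND_OPCODE_THREADED entries in a bind opcode stream, honouring each opcode's operand size. */
static int count_threaded(const uint8_t *s, size_t n) {
    int count = 0;
    for (size_t i = 0; i < n;) {
        uint8_t op = s[i] & BIND_OPCODE_MASK, imm = s[i] & BIND_IMMEDIATE_MASK;
        i++;
        switch (op) {
        case BIND_OPCODE_DONE: return count;
        case BIND_OPCODE_SET_DYLIB_ORDINAL_ULEB: case BIND_OPCODE_SET_ADDEND_SLEB:
        case BIND_OPCODE_SET_SEGMENT_AND_OFFSET_ULEB: case BIND_OPCODE_ADD_ADDR_ULEB:
        case BIND_OPCODE_DO_BIND_ADD_ADDR_ULEB: i += skip_leb(s + i, n - i); break;
        case BIND_OPCODE_DO_BIND_ULEB_TIMES_SKIPPING_ULEB: i += skip_leb(s + i, n - i); i += skip_leb(s + i, n - i); break;
        case BIND_OPCODE_SET_SYMBOL_TRAILING_FLAGS_IMM: while (i < n && s[i] != 0) i++; i++; break; /* NUL-terminated name */
        case BIND_OPCODE_THREADED: count++; if (imm == 0) i += skip_leb(s + i, n - i); break;
        default: break; /* remaining opcodes carry their operand in the low nibble */
        }
    }
    return count;
}

/* Walk the load commands; returns 0 on success, -1 if the buffer is not a well-formed 64-bit image. */
static int scan_image(const uint8_t *img, size_t len, struct fixup_report *r) {
    struct mach_header_64 mh;
    memset(r, 0, sizeof *r);
    if (len < sizeof mh) return -1;
    memcpy(&mh, img, sizeof mh);
    if (mh.magic != MH_MAGIC_64) return -1;
    r->is_arm64e = mh.cputype == CPU_TYPE_ARM64 && (mh.cpusubtype & 0x00ffffff) == CPU_SUBTYPE_ARM64E;
    size_t off = sizeof mh;
    for (uint32_t c = 0; c < mh.ncmds; c++) {
        struct load_command lc;
        if (off + sizeof lc > len) return -1;
        memcpy(&lc, img + off, sizeof lc);
        if (lc.cmdsize < sizeof lc || off + lc.cmdsize > len) return -1;
        if (lc.cmd == LC_DYLD_CHAINED_FIXUPS) r->has_chained_fixups_lc = 1;
        if ((lc.cmd == LC_DYLD_INFO || lc.cmd == LC_DYLD_INFO_ONLY) && lc.cmdsize >= sizeof(struct dyld_info_command)) {
            struct dyld_info_command di;
            memcpy(&di, img + off, sizeof di);
            if ((size_t)di.bind_off + di.bind_size <= len)
                r->threaded_opcodes += count_threaded(img + di.bind_off, di.bind_size);
        }
        off += lc.cmdsize;
    }
    return 0;
}

/* Constructed sample (not a real Apple binary): minimal arm64e header plus one LC_DYLD_INFO_ONLY
 * whose bind stream either uses BIND_OPCODE_THREADED (threaded=1) or is a plain bind stream. */
static size_t build_sample(uint8_t *buf, int threaded) {
    static const uint8_t plain[] = { BIND_OPCODE_SET_DYLIB_ORDINAL_IMM | 1, BIND_OPCODE_SET_SYMBOL_TRAILING_FLAGS_IMM,
        'f', 'o', 'o', 0, BIND_OPCODE_SET_TYPE_IMM | 1, BIND_OPCODE_SET_SEGMENT_AND_OFFSET_ULEB | 2, 0x10,
        BIND_OPCODE_DO_BIND, BIND_OPCODE_DONE };
    static const uint8_t thr[] = { BIND_OPCODE_THREADED | 0, 0x04, BIND_OPCODE_SET_DYLIB_ORDINAL_IMM | 1,
        BIND_OPCODE_SET_SYMBOL_TRAILING_FLAGS_IMM, 'f', 'o', 'o', 0, BIND_OPCODE_SET_TYPE_IMM | 1,
        BIND_OPCODE_SET_SEGMENT_AND_OFFSET_ULEB | 2, 0x10, BIND_OPCODE_DO_BIND, BIND_OPCODE_THREADED | 1, BIND_OPCODE_DONE };
    const uint8_t *stream = threaded ? thr : plain;
    size_t slen = threaded ? sizeof thr : sizeof plain;
    struct mach_header_64 mh = { MH_MAGIC_64, CPU_TYPE_ARM64, CPU_SUBTYPE_ARM64E, 2 /* MH_EXECUTE */, 1, sizeof(struct dyld_info_command), 0, 0 };
    struct dyld_info_command di = { LC_DYLD_INFO_ONLY, sizeof di, 0, 0, (uint32_t)(sizeof mh + sizeof di), (uint32_t)slen, 0, 0, 0, 0, 0, 0 };
    memcpy(buf, &mh, sizeof mh);
    memcpy(buf + sizeof mh, &di, sizeof di);
    memcpy(buf + di.bind_off, stream, slen);
    return di.bind_off + slen;
}

/* Number of BIND_OPCODE_THREADED opcodes found in the constructed sample, or -1 if it does not parse. */
int threaded_opcodes_in_sample(int threaded) {
    uint8_t buf[256];
    struct fixup_report r;
    size_t n = build_sample(buf, threaded);
    return scan_image(buf, n, &r) == 0 ? r.threaded_opcodes : -1;
}

int main(void) {
    for (int t = 0; t < 2; t++)
        printf("%s sample: %d BIND_OPCODE_THREADED opcode(s)\n", t ? "threaded" : "plain", threaded_opcodes_in_sample(t));
    return 0;
}
```

A non-zero count (or an `LC_DYLD_CHAINED_FIXUPS` command) means the image's relocations are encoded in a chained form, which is exactly the case where rewriting the bind stream rather than deleting it would be required; on a real file, read the whole image into memory and pass it to `scan_image`.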