Re: [MacPorts] #66358: sip-workaround / trace mode no longer works on arm64 macOS ≥ 13 due to new security features
MacPorts
noreply at macports.org
Wed Sep 25 19:54:48 UTC 2024
#66358: sip-workaround / trace mode no longer works on arm64 macOS ≥ 13 due to new
security features
-------------------------+-----------------------------------------
Reporter: reneeotten | Owner: Clemens Lang <neverpanic@…>
Type: defect | Status: reopened
Priority: Normal | Milestone:
Component: base | Version:
Resolution: | Keywords: arm64 ventura sonoma
Port: |
-------------------------+-----------------------------------------
Comment (by markmentovai):
In many cases, it ought to be possible to reset the
`mach_header_64::cpusubtype` from `CPU_SUBTYPE_ARM64E` to
`CPU_SUBTYPE_ARM64_ALL` (0), and then re-sign. PAC instructions
essentially become no-op under arm64 (as opposed to arm64e).
This may be feasible if you’re not trying to run anything with a
restricted entitlement.
{{{
mark@arm-and-hammer zsh% sw_vers
ProductName: macOS
ProductVersion: 15.0
BuildVersion: 24A335
mark@arm-and-hammer zsh% uname -orm
Darwin 24.0.0 arm64
}}}
{{{
mark@arm-and-hammer zsh% lipo /bin/ls -thin arm64e -output /tmp/ls
mark@arm-and-hammer zsh% otool -hv /tmp/ls
/tmp/ls:
Mach header
magic cputype cpusubtype caps filetype ncmds sizeofcmds flags
MH_MAGIC_64 ARM64 E USR00 EXECUTE 20 1712 NOUNDEFS DYLDLINK TWOLEVEL PIE
mark@arm-and-hammer zsh% python3
Python 3.12.6 (main, Sep 7 2024, 05:43:35) [Clang 16.0.0 (clang-1600.0.26.3)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import struct
>>> f = open('/tmp/ls', 'r+b')
>>> f.seek(8)
8
>>> hex(struct.unpack('<I', f.read(4))[0])
'0x80000002'
>>> f.seek(8)
8
>>> f.write(struct.pack('<I', 0))
4
>>> f.close()
>>> ^D
mark@arm-and-hammer zsh% otool -hv /tmp/ls
/tmp/ls:
Mach header
magic cputype cpusubtype caps filetype ncmds sizeofcmds flags
MH_MAGIC_64 ARM64 ALL 0x00 EXECUTE 20 1712 NOUNDEFS DYLDLINK TWOLEVEL PIE
mark@arm-and-hammer zsh% codesign --sign=- --force --preserve-metadata /tmp/ls
warning: default usage of --preserve-metadata implies "resource-rules" (deprecated in Mac OS X >= 10.10)!
/tmp/ls: replacing existing signature
mark@arm-and-hammer zsh% /tmp/ls -dl /tmp/ls /tmp/ /tmp /
drwxr-xr-x 20 root wheel 640 Sep 5 16:54 /
lrwxr-xr-x@ 1 root wheel 11 Sep 5 16:54 /tmp -> private/tmp
drwxrwxrwt 35 root wheel 1120 Sep 25 15:45 /tmp/
-rwxr-xr-x 1 mark wheel 89088 Sep 25 15:45 /tmp/ls
}}}
--
Ticket URL: <https://trac.macports.org/ticket/66358#comment:58>
MacPorts <https://www.macports.org/>
Ports system for macOS
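
The header edit from the comment above, as an added example (not part of the original comment or of MacPorts code): it validates the magic, cputype and cpusubtype before writing, so a universal or non-arm64e file is rejected instead of being overwritten blindly. The function names and the sample header are constructed for illustration; the constants are the values from <mach/machine.h> and <mach-o/loader.h>.

```python
import io
import struct

MH_MAGIC_64 = 0xFEEDFACF        # thin 64-bit Mach-O, little-endian on disk
# Universal (fat) magics as seen when read little-endian or big-endian.
FAT_MAGICS = {0xCAFEBABE, 0xCAFEBABF, 0xBEBAFECA, 0xBFBAFECA}
CPU_TYPE_ARM64 = 0x0100000C
CPU_SUBTYPE_ARM64_ALL = 0
CPU_SUBTYPE_ARM64E = 2
SUBTYPE_LOW_BITS = 0x00FFFFFF   # high byte is the "caps" column in otool -hv


def retag_arm64e(f):
    """Set mach_header_64::cpusubtype from arm64e to ARM64_ALL in place.

    f is a seekable binary file object opened for update (hypothetical helper).
    Returns the previous raw cpusubtype; raises ValueError without writing
    when the file is not a thin arm64e image.
    """
    f.seek(0)
    head = f.read(12)
    if len(head) < 12:
        raise ValueError("too short for a Mach-O header")
    magic, cputype, cpusubtype = struct.unpack("<III", head)
    if magic in FAT_MAGICS:
        raise ValueError("universal binary: extract the arm64e slice first")
    if magic != MH_MAGIC_64:
        raise ValueError(f"not a 64-bit little-endian Mach-O: {magic:#x}")
    if cputype != CPU_TYPE_ARM64:
        raise ValueError(f"cputype {cputype:#x} is not ARM64")
    if (cpusubtype & SUBTYPE_LOW_BITS) != CPU_SUBTYPE_ARM64E:
        raise ValueError(f"cpusubtype {cpusubtype:#x} is not arm64e")
    f.seek(8)                   # offset of cpusubtype, as in the session above
    f.write(struct.pack("<I", CPU_SUBTYPE_ARM64_ALL))
    return cpusubtype


def sample_header(cpusubtype):
    """Constructed 32-byte header with the field values shown by otool above."""
    # magic, cputype, cpusubtype, MH_EXECUTE, ncmds, sizeofcmds, flags, reserved
    return struct.pack("<8I", MH_MAGIC_64, CPU_TYPE_ARM64, cpusubtype,
                       2, 20, 1712, 0x00200085, 0)


if __name__ == "__main__":
    image = io.BytesIO(sample_header(0x80000002))
    print(hex(retag_arm64e(image)), image.getvalue()[8:12].hex())
```

On a real file, pass `open(path, 'r+b')` and re-sign afterwards, as the session above does; the edit invalidates the existing signature.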