[MacPorts] #69187: Updated from version 2.8.1 to 2.9 Crowdstrike altert from IT
MacPorts
noreply at macports.org
Mon May 5 15:41:23 UTC 2025
#69187: Updated from version 2.8.1 to 2.9 Crowdstrike altert from IT
-------------------------+-------------------------------------------
Reporter: eraldtroja | Owner: (none)
Type: defect | Status: new
Priority: Normal | Milestone:
Component: base | Version: 2.9.0
Resolution: | Keywords: crowdstrike alerts, data dump
Port: |
-------------------------+-------------------------------------------
Comment (by semoore_pfpt):
Hello, sorry to bump this ticket, but I also received a Crowdstrike alert
from my Security Department. The trigger for this alert is specifically
these lines which Crowdstrike categorizes as "user credential dump".
https://github.com/macports/macports-
base/blob/release-2.10/Makefile.in#L46-L53
I uninstalled Macports and reinstalled without root privileges (Using
steps in this Github gist:
https://gist.github.com/daggerok/d6c7ed8b9efa03b30ffd0e9f44cdd121)
Unfortunately, the Crowdstrike alert triggers even if you install Macports
without privileges (EG: `port selfupdate`). Apparently calling `dscl` at
all will generate an alert Crowdstrike. Is there a way to skip the user /
group check on install?
--
Ticket URL: <https://trac.macports.org/ticket/69187#comment:5>
MacPorts <https://www.macports.org/>
Ports system for macOS
More information about the macports-tickets
mailing list