Skip to content

Public Build Artifact: Mac 10127826629

Pre-release
Pre-release
Compare
Choose a tag to compare
@github-actions github-actions released this 28 Jul 01:20
10127826629_mac
b07f753
This commit was signed with the committer’s verified signature. The key has expired.
maltfield Michael Altfield
GPG key ID: F8550ED542C2C919
Expired
Learn about vigilant mode. 
attempt to self-harden root_child

This commit adds a step to the start of the root_child_mac binary to harden the root_child_mac binary. Basically it's self-hardening

The reason we do this is because (due to technical restrictions in .dmg files), we can't distribute a .dmg with a file that's owned by root. When the user first installs BusKill, the root_child_mac binary will be owned by their user.

This isn't the worst thing in the world, and we do allow spawning a root_child process as root if it's owned by the current user. But, it's safer if it's owned by root:root, so we harden it the first time it launches.

 * https://github.com/BusKill/buskill-app/issues/77#issuecomment-2254299923
Assets 5
Loading