Saagar Jha > On Apr 23, 2020, at 21:26, Allan Odgaard via Cocoa-dev > <cocoa-dev@lists.apple.com> wrote: > > On 24 Apr 2020, at 9:57, Rob Petrovec wrote: > >>> Also weird, why would it phone home for a shell script which has neither >>> been stapled nor even code-signed? >> I think you answered the question just then… a "shell script which has >> neither been stapled nor even code-signed”. Google XProtect & Gatekeeper. > > GateKeeper is basically Safari adding a quarantine flag (via extended > attributes)
Nit: not just Safari; other applications do this to at their discretion when appropriate (for example, if they too download files from the internet). Quarantine is just one part of GateKeeper. > to files downloaded form the internet, and then having Finder check this > flag, throwing up a dialog if the flag is set, and recently, also checking if > the code signature is from a verified developer (possibly refusing to launch > at all, if not). > > XProtect is basically a blacklist that applications are checked against. If > an application matches, it’s considered malware. The blacklist is a local > file on your system but updated by Apple. > > These things operate very differently than having low-level system calls > potentially contact Apple’s servers every time a process is launched on your > system (or, as it appears to be the case on my system, when processes are > accessing certain locations in the file system). > _______________________________________________ > > Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) > > Please do not post admin requests or moderator comments to the list. > Contact the moderators at cocoa-dev-admins(at)lists.apple.com > > Help/Unsubscribe/Update your Subscription: > https://lists.apple.com/mailman/options/cocoa-dev/saagar%40saagarjha.com > > This email sent to saa...@saagarjha.com _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
