Distributing unnotarized Mac apps in a text file
lapcatsoftware.com
This is a neat hack, but is there a practical use case here for everyday software developers? I sincerely hope that even novice users have better sense than to download a text file from a web site, find a sketchy ZIP file inside the text file, and then follow directions in the text file. It's like downloading a movie from a sketchy web site and in the package you see a RunMe.exe file. The whole thing reeks of red flags that should tell even moderately sophisticated users "This is malware".
I don't know about you, but I've been embedding data into images and sharing them for nearly 20 years. My target audience knows how to correctly consume these files.
Don't coddle the user.
TextEdit is a wealth of problems it seems.
Only if you consider a computer, owned by a user, following that user's explicit command to run a piece of software (without further hindrance) "a problem".
It would be nice if the rest of the macOS respected the wishes of the hardware's owner equally.
Not really. In an attempt to use some DWIM to avoid surprising the user (“Text”Edit supports styled text not just in RTF but HTML) they introduced a bunch of new surprises (opening a seemingly inert text file actually allows code injection). It’s hard to say that this is clearly respecting the “wishes” of the hardware owner (I suppose the hardware owner might have wanted this, as per the article’s example, but surely that is the minority).
They don’t stop the hardware owner from opening the file in an actual text editor such as Emacs or vi.
And you can still download and run anything you like from the net, though by default they add roadblocks anyone can simply move aside. That’s probably the right thing: in my extended household of 9, really there are only two people downloading arbitrary binaries from the net and running them. And neither of us disables gatekeeper.
It does, the hardware owner merely has to tell macOS what it wants. Open a Terminal and type:
    sudo spctl --master-disable
And you’ll be able to run as many unnotarized apps as you wish, just by double clicking them.
However, if the hardware owner wants to disallow unnotarized software, macOS should enforce that policy.
Technically you have to reboot into Recovery to run this command.
No, you’re thinking of csrutil --disable for turning off System Integrity Protection. You don’t have to do that to run unnotarized apps.
>It would be nice if the rest of the macOS respected the wishes of the hardware's owner equally.
Who the real owner is is going to depend on how Right To Repair initiatives work out.
TextEdit is great. Don’t get me wrong. But pretending like the security problems it has are a feature explicitly requested by the user is... bizarre.
This is pretty brilliant, well done