My previous blog post disclosed a Mac sandbox escape. To save myself time and effort, I simply copy and pasted my original email to Apple Product Security. (After all, I'm not getting paid a bug bounty for my work!) This probably wasn't ideal for public consumption, because my email presumed a high level of knowledge on the subject possessed by Apple Product Security but not necessarily possessed by the general public. So I'm writing now to clarify a number of points that I feel have not been broadly understood.
com.apple.quarantineextended attribute. As long as my sample shell script is quarantined, it cannot be executed. A sandboxed app cannot normally remove the quarantine from a file. However, the special
com.apple.security.files.user-selected.executableentitlement possessed by TextEdit, as well as some other apps such as BBEdit and Transmit (remember how Apple made a big deal about them coming to the Mac App Store?), allows removal of the quarantine, thus enabling execution.
com.apple.security.files.user-selected.executable" entitlement requires no user selection.
com.apple.security.files.user-selected.executableentitlement, such as TextEdit, can remove the quarantine from a file without user consent. The app simply has to open a document and save it. This can occur programmatically, and it doesn't even require any edits to the document. If you're a developer you can test this yourself by creating a sample document-based application with the entitlement. Needless to say, I've tested this.
codesign --display --entitlements - /Applications/TextEdit.app.
com.apple.security.files.user-selected.executableentitlement allows a sandboxed app to escape the sandbox and execute non-sandboxed code. Effectively, this entitlement negates the sandbox. Any apps so entitled may be nominally sandboxed, but practically speaking, they're not sandboxed. You might say the entitlement makes a mockery of the sandbox. Furthermore, any "maliciously crafted document" vulnerability in these specially entitled apps that causes arbitrary code execution would also be a sandbox escape. Arbitrary code execution means a maliciously crafted document could cause the app to save a document, which means removing the quarantine from the document and allowing execution outside the sandbox. I personally haven't found any such vulnerabilities (though other security researchers might have!), which is why I investigated the method of controlling the app with another app via AppleScript.
com.apple.security.files.user-selected.executableentitlement. It's part of the so-called macOS privacy protections introduced in Mojave and expanded in Catalina, and it appears for both sandboxed and non-sandboxed apps. You can see which apps have Apple Events permission by looking in System Preferences:
/Users/Sharedis also unrelated to the sandbox.
/Users/Shared, which is not generally accessible to a sandboxed app. The reason I choose
/Users/Sharedrather than the user's Desktop or Documents folder is again because of macOS "privacy protections" in Catalina that apply to both sandboxed and non-sandboxed apps. Every app (unfortunately) in Catalina is restricted from writing to Desktop and Documents (among other folders) unless given special permission. Whereas the folder
/Users/Sharedis unrestricted in this sense. It's always been the case that a sandboxed app can only write to certain folders, but it's only recently been the case that non-sandboxed apps have also been restricted.