[Backtracing] Security improvements.

Use `task_read_for_pid()` rather than having the crashing program pass its
own task port through.  This opts us in to additional OS security measures
surrounding the use of this call.

rdar://107362003
Alastair Houghton
2023-04-11 17:20:48 +01:00
parent ef46563686
commit e5680de071
6 changed files with 54 additions and 49 deletions


@@ -10,7 +10,7 @@ import subprocess
import sys
utils = os.path.dirname(os.path.realpath(__file__))
get_task_allow_plist = os.path.join(utils, 'get-task-allow.plist')
def main(arguments):
parser = argparse.ArgumentParser(
@@ -91,7 +91,9 @@ def unrpathize(filename):
def codesign(filename):
# "-" is the signing identity for ad-hoc signing.
command = ["/usr/bin/codesign", "--force", "--sign", "-", filename]
command = ['/usr/bin/codesign', '--force', '--sign', '-',
'--options=runtime', '--entitlements', get_task_allow_plist,
filename]
subprocess.check_call(command)
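Review bot: The rewritten `command` in `codesign` now adds `--options=runtime` and the entitlements from `get-task-allow.plist` to every file passed to this function, but the only comment above it still explains just the `-` identity. The plist's contents are not visible here; judging by its name and the commit message, it presumably grants `com.apple.security.get-task-allow`, which lets other processes read the signed binary's task and is normally limited to development builds. I would state that scope next to the command, e.g. `# Hardened runtime + get-task-allow so the backtracer can call task_read_for_pid() on this binary; for locally built/test binaries only, not for anything that ships.` It is also worth confirming that no caller of this script signs artifacts that end up in a distributed toolchain.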