{"@attributes":{"version":"2.0"},"channel":{"title":"Codesigning on theevilbit blog","link":"https:\/\/theevilbit.github.io\/tags\/codesigning\/","description":"Recent content in Codesigning on theevilbit blog","generator":"Hugo","language":"en","lastBuildDate":"Tue, 19 Jan 2021 00:00:00 +0000","item":{"title":"About com.apple.private.security.clear-library-validation","link":"https:\/\/theevilbit.github.io\/posts\/com.apple.private.security.clear-library-validation\/","pubDate":"Tue, 19 Jan 2021 00:00:00 +0000","guid":"https:\/\/theevilbit.github.io\/posts\/com.apple.private.security.clear-library-validation\/","description":"<h2 id=\"tldr\">\n  TL;DR\n  <a class=\"heading-link\" href=\"#tldr\">\n    <i class=\"fa-solid fa-link\" aria-hidden=\"true\" title=\"Link to heading\"><\/i>\n    <span class=\"sr-only\">Link to heading<\/span>\n  <\/a>\n<\/h2>\n<p>On macOS 10.15.2 Apple introduced the <code>com.apple.private.security.clear-library-validation<\/code> entitlement, which is slowly replacing the previously used <code>com.apple.security.cs.disable-library-validation<\/code> entitlement on system binaries. Although their impact is the about the same, the way they work is different. While library validation is automatically disabled using <code>com.apple.security.cs.disable-library-validation<\/code>, with <code>com.apple.private.security.clear-library-validation<\/code>, the application has to disable it for itself through a <code>csops<\/code> system call.<\/p>\n<h2 id=\"intro\">\n  Intro\n  <a class=\"heading-link\" href=\"#intro\">\n    <i class=\"fa-solid fa-link\" aria-hidden=\"true\" title=\"Link to heading\"><\/i>\n    <span class=\"sr-only\">Link to heading<\/span>\n  <\/a>\n<\/h2>\n<p>With the release of Big Sur, I noticed that many of the system binaries have a new entitlement, which I didn&rsquo;t see before, and that is <code>com.apple.private.security.clear-library-validation<\/code> (later it turned out that it was introduced earlier, but I didn&rsquo;t know about it that time). These applications possessed the <code>com.apple.security.cs.disable-library-validation<\/code> before, so it seemed that this is being replaced with a new one. The name suggest similarity, and testing it also confirmed, that these binaries can still load third party plugins signed by non Apple developers. This means that these entitlements have the same impact.<\/p>"}}}