Apple QA seems to have been asleep at the wheel for the Sequoia release.
Sure, the 15.0.1 release now makes the stateful firewall UDP aware, so you can use exotic things like DNS with the firewall blocking unilateral incoming connections. At least there was a workaround for that.
How about unix datagrams, though?
Did you know that a simple userland Rust program that attempts to use Unix datagrams to connect to themselves will panic the entire OS?
🤦♂️
https://github.com/rust-lang/rust/issues/131374
=> More informations about this toot | More toots from wdormann@infosec.exchange
What sort of weird edge case is running a Rust program in macOS, though?
Fine. How about Python?
https://gist.github.com/wdormann/85426467dd5a1d310d1d208fc16ade23
A Python app shouldn't be able to crash the whole OS, right?
Was macOS Sequoia written by ChatGPT and then released to the public without bothering to test it?
To be fair, having a Unix Datagram connect to itself is odd. And as such, it probably won't be seen in the wild too much.
Attempting to do so in Perl will cause Perl to complain that you can't do such a thing.
But for those things that do allow you to do it, maybe the OS shouldn't fall over as the result of doing it? 😂
Also, although this bug was reported in Sequoia, it's been around since macOS 13. I have not tested anything older than that.
FWIW, this is addressed in Sequoia 15.2