Nomachine hotkeys5/18/2023 ![]() ![]() It also takes the name from one specific bundle (we have loads of ThinLinc bundles on the test mac), not the name stored in the plist. ![]() I've not been able to come up with a search query that gives any decent results. I've not been able to figure out where this cache is, or how to control it. Removing an application from the trust settings is not enough as it will just get restored on the next access request, and the signature is remembered. Unfortunately knowledge about application bundles is cached somewhere in the system. I still saw some signature errors in the system console, but not as many. However if I changed the CFBundleIdentifier of the bundle, then a new entry popped up in settings. The system console showed a lot of errors with an error code that means that the software is unsigned (forgot to note the exact number). ![]() I saw this by the fact that I was not able to get my custom build trusted, even if I enabled the trust in settings. Which makes sense as otherwise a malicious application could easily claim to be a trusted application and get access it shouldn't. Signatures seem to affect how the trust is handled. Giving access to tlclient also gives access to vncviewer (at least according to AXIsProcessTrusted()). I tested the nesting a bit and it seems like vncviewer is considered part of the tlclient bundle in this regard. I've only tried it with a standalone vncviewer so far. I also haven't tested how/if this works with the nested bundling we have in ThinLinc. It is possible to work around it using dlsym(), but it would be nice to raise our system requirements ( bug 5878). This makes things a bit messy for us as we are stuck on 10.6. So users should be somewhat used to them, which is fortunate as the error message is rather misleading as we don't need this for accessibility features.Įvent taps have been around for forever, but AXIsProcessTrustedWithOptions() was added in macOS 10.9. Googling the error message you get ("Foo.app would like to control this computer using accessibility features") you get some hits saying that applications like Steam and Dropbox do this. We just need to attempt to do set up for the event tap again. Once the user does that things start to work right away. It allows the user to quickly open the correct part of the system settings and give us the necessary access. And I can confirm we don't have privileges to do this by default, and AXIsProcessTrustedWithOptions() will indeed prompt the user in that case. This is a system installed service though so it might have a hard coded back door for this.Ī quick test shows that event taps seem to work fine for this. It's unclear how it gets the extra privileges it needs. There is nothing about PushSymbolicHotKeyMode() among the imported symbols. > RFBEventHelper.bundle/Contents/MacOS/RFBEventHelperd: > $ cbrun os圆4 x86_64-apple-darwin10-otool -v -I RFBEventHelper.bundle/Contents/MacOS/RFBEventHelperd | grep Event ![]() It seems to use the EventTap system, given that it imports those symbols: > claim it has a background service called RFBEventHelper that is essential > client does since it apparently forwards all key presses. > We could also see if we can figure out what Apple's own screen sharing (In reply to Pierre Ossman from comment #8) ![]()
0 Comments
Leave a Reply. |