Does Mac OS slow down? - Catalina checks any unsigned code over the Internet at startup

Many users who switched to Catalina began to complain about slowdowns. Western colleagues found out the reason: macOS sends a hash of any unsigned code to Apple's servers.

This creates serious delays on execution, which is easy to check:

echo $'#!/bin/sh\necho Hello' > /tmp/test.sh && chmod a+x /tmp/test.sh
time /tmp/test.sh && time /tmp/test.sh

The results are surprising:

$ time /tmp/test.sh && time /tmp/test.sh
Hello

real    0m1.417s
user    0m0.001s
sys 0m0.003s
Hello

real    0m0.003s
user    0m0.001s
sys 0m0.002s

Why does this happen? Apple has been using the Notarization mechanism for quite some time: with it, users can be sure that a program signed with a valid Developer ID does not contain malicious components. That is, on top of the application being signed, Apple also automatically scans it for malware.
Interestingly, Apple generally plans to prohibit launching non-notarized programs in the future. Quote:
Important

Beginning in macOS 10.14.5, software signed with a new Developer ID certificate and all new or updated kernel extensions must be notarized to run. Beginning in macOS 10.15, all software built after June 1, 2019, and distributed with Developer ID must be notarized.

Now, apparently, in order to check it, any new unsigned code that you run is sent to the AAPL server. This is easy to verify by running any network analyzer and watching for calls to the api.apple-cloudkit.com domain. It should be noted that it is not the code itself that is transmitted, but its hash sum. You can check this in two ways: compare the amount of data transmitted over the network for scripts of different sizes, and look at the contents of the daemon responsible for sending the data (otool -tV /usr/libexec/syspolicyd). With a slow Internet connection, however, the delays can run to seconds: a user from China writes about a delay of 5.47 seconds.
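To make the timing experiment above repeatable, and to compare scripts of different sizes as suggested, here is a small harness. It is an added example, not code from the original article or from Apple: each trial writes a brand-new script whose contents differ (a nonce in a comment, an assumption that a never-before-seen hash is what triggers the check), makes it executable, and times the first and second execution. On an affected Catalina machine the first run should be far slower than the second; on other systems both take a few milliseconds. The threshold in is_affected is a constructed heuristic, not a value from the article.

```python
"""Measure the first-run penalty of freshly created unsigned shell scripts.

Added example (not from the original article). Reproduces the article's
`time /tmp/test.sh && time /tmp/test.sh` experiment in a repeatable way and
lets scripts of different sizes be compared: if only a hash is uploaded, the
size of the script should not change the delay.
"""
import os
import stat
import subprocess
import tempfile
import time
import uuid
from typing import Dict, Tuple


def write_unique_script(directory: str, payload_bytes: int = 0) -> str:
    """Create an executable script whose contents have never been seen before.

    A nonce comment makes every file's hash unique (assumption: the check is
    keyed by the file's hash, so reusing identical contents could hit a cache).
    payload_bytes pads the file with comment lines so sizes can be compared.
    """
    path = os.path.join(directory, f"test-{uuid.uuid4().hex}.sh")
    padding = ("# " + "x" * 78 + "\n") * (payload_bytes // 80)
    body = f"#!/bin/sh\n# nonce {uuid.uuid4().hex}\n{padding}echo Hello\n"
    with open(path, "w") as fh:
        fh.write(body)
    mode = os.stat(path).st_mode | stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
    os.chmod(path, mode)
    return path


def time_run(path: str) -> Tuple[float, str]:
    """Exec the script directly (as the article does) and return (seconds, stdout)."""
    start = time.perf_counter()
    result = subprocess.run([path], capture_output=True, text=True, check=True)
    return time.perf_counter() - start, result.stdout.strip()


def first_run_penalty(payload_bytes: int = 0) -> Dict[str, object]:
    """Time the first and second execution of one fresh unsigned script.

    Returns both wall-clock timings, their ratio, the file size and the
    script's output so the caller can confirm it actually ran.
    """
    with tempfile.TemporaryDirectory() as tmp:
        path = write_unique_script(tmp, payload_bytes)
        size = os.path.getsize(path)
        first, out1 = time_run(path)
        second, out2 = time_run(path)
    return {
        "size_bytes": size,
        "first_s": first,
        "second_s": second,
        "ratio": first / second if second > 0 else float("inf"),
        "output": out1 if out1 == out2 else f"{out1!r} != {out2!r}",
    }


def is_affected(threshold_s: float = 0.5) -> bool:
    """Constructed heuristic: a slow first run followed by a fast second run
    points at the synchronous check the article describes."""
    r = first_run_penalty()
    return r["first_s"] > threshold_s and r["second_s"] < threshold_s


if __name__ == "__main__":
    # Compare a tiny script with padded ones; with a hash-only upload the
    # first-run delay should not grow with size.
    for size in (0, 4096, 65536):
        r = first_run_penalty(size)
        print(f"{r['size_bytes']:>6} B  first={r['first_s']:.3f}s  "
              f"second={r['second_s']:.3f}s  ratio={r['ratio']:.1f}  "
              f"output={r['output']}")
    print("affected:", is_affected())
```

Run it on the machine in question; a large first/second ratio that stays roughly constant across sizes matches the hash-upload explanation, while a ratio that grows with file size would suggest more than a hash is being sent.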

On the one hand, Apple can be understood: it cares about the security of its users. On the other hand, it is turning any development on its platform into hell.

But I want to quote the developer who first drew attention to the problem:
This behavior of the operating system indicates serious problems in its design, when two methods of the low-level system API (for example, exec and getxattr) perform synchronous network calls before returning a result.

Links:

lapcatsoftware.com/articles/catalina-executables.html
news.ycombinator.com/item?id=23275922
sigpipe.macromates.com/2020/macos-catalina-slow-by-design