Hacker News new | past | comments | ask | show | jobs | submit login

MacOS is notorious for this. By default, it would only run binaries signed with an Apple-issued certificate. You can bypass this multiple different ways, of course, but that requires knowing that it can be bypassed in the first place.

Then there are mobile OSes where you don't get to see the binaries at all. Yes you can repack an apk but again, that's a more involved process requiring specific tools and knowledge (and very awkward to do on the device itself), and iOS is completely locked down.




> MacOS is notorious for this. By default, it would only run binaries signed with an Apple-issued certificate. You can bypass this multiple different ways, of course, but that requires knowing that it can be bypassed in the first place.

What do you mean? When I compile something with a myriad of different language stacks or compiler toolchains, I'm not aware of an Apple-issued certificate ever being involved and those binaries run just fine.


Probably because the environment you use to compile it, like the terminal or Xcode, is added to "developer tools" under security settings. Xcode in particular does that for itself automatically.


So I don't even need to know how to bypass it because it happens automatically behind the scenes. Nice.


But if you edit a binary with a hex editor, invalidating its signature, you would need to know how to bypass it.


Unlike your average user, if you have the knowledge to apply a hex editor, then you probably can Google how to work around the signature error.


It won’t run on another user’s computer unless it’s been Notarized.




Consider applying for YC's Summer 2025 batch! Applications are open till May 13

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: