7

Ever since OS X 10.7.3, my text editor is setting the "quarantine" bit on any file it touches.

My text editor is designed for working with shell scripts, and if the quarantine bit is set then a shell script cannot be executed from the command line, until you double click it in Finder and go through a "This application was downloaded from the internet" alert (or remove the quarantine bit with xattr).

For example, I just created a "hello world" script in my app, it has been quarantined, and cannot be executed:

$ xattr -l foo
com.apple.quarantine: 0006;4f51dd2f;Dux;
$ chmod +x foo
$ ./foo
-bash: ./foo: Operation not permitted

If I remove the quarantine bit, the script works:

$ xattr -d com.apple.quarantine foo
$ ./foo
hello world


According to some forum posts, TextEdit also sets the quarantine bit on any shell script it creates.

I'm using a simple NSDocument subclass to create the file:

- (NSData *)dataOfType:(NSString *)typeName error:(NSError **)outError
{
  return [self.textStorage.string dataUsingEncoding:self.stringEncoding];
}


How can I remove the quarantine bit from files created in my app? Other text editors, such a TextWrangler, do not set the quarantine bit.

UPDATE

A little more info, this only occurs when creating a "script application" file, which is anything from perl scripts to html.

And it only occurs when my app is sandboxed. Disabling sandboxing fixes the problem, but that's not a long term solution.

I've filed a bug with Radar, it looks like there might be nothing to do but wait/hope that avenue gets it fixed.

Vadim Kotov
  • 8,084
  • 8
  • 48
  • 62
Abhi Beckert
  • 32,787
  • 12
  • 83
  • 110

3 Answers3

1

Nice to know that I'm not the only one with this problem - which has been difficult to track-down information on. I've found this problem occurs with data files saved by my program (these are not scripts, they are just XML data...).

I confirm that LSFileQuarantineEnabled made no difference.

I also tried to remove the attribute after the file was written, using removexattr http://hints.macworld.com/article.php?story=20071029151619619, but this didn't work either - the sandbox prevented the call from working.

By way of background, I also found this discussion of the problem: http://reviews.cnet.com/8301-13727_7-57374676-263/workarounds-for-quarantine-bug-in-os-x-lion/

For the record, I've separately raised a bug with Apple.

EDIT: I have found the source of the problem, and figured-out the work-around.

The problem was that if the file data is plain XML format data, MacOS mistakenly displays the reported message (I think this is because it wrongly assumes that the file is a script). If I change the file format to be an alternative that clearly isn't XML, the warning disappears. The file is still saved with the quarantine bit set, however!

So this is definitely due to an issue in MacOS, but there is a relatively easy work-around - just change your file format!

Pete
  • 784
  • 8
  • 9
  • Seems like it has been fixed in OS X 10.8 (I'm going to answer my question with that, but wanted to comment to make sure you find out). I guess we just have to make our sandboxed apps required 10.8. – Abhi Beckert Aug 16 '12 at 19:07
1

Try ensuring that the LSFileQuarantineEnabled in your Info.plist is set to false (which should be the default). If the attribute is still being set, then I'd suggest filing a bug report and removing it programmatically with removexattr(2)/fremovexattr(2)

一二三
  • 21,059
  • 11
  • 65
  • 74
  • Thanks, adding that entry to my plist fixes the problem, however the documentation clearly states NO is the default, perhaps they changed it to YES in 10.7.3. – Abhi Beckert Mar 03 '12 at 23:54
  • Actually, it turns this doesn't seem to work (not sure what's going on?) I'm sure I tested it, but now I'm seeing the same quarantine bit set even though my app still has `LSFileQuarantineEnabled` set to `NO`. – Abhi Beckert Mar 09 '12 at 23:24
  • Thanks, I have filed a bug. Manually removing it didn't work, probably because my app is sandboxed (also, the bug doesn't occur when my app is running outside the sandbox. Updating my question to reflect that). – Abhi Beckert Mar 10 '12 at 07:15
0

As far as I can tell, this bug has been fixed in OS X 10.8 (Mountain Lion).

Seems like I will have to make 10.8 the minimum OS version for my app. Not really a big deal for me... but hopefully Apple fixes it in a bugfix to 10.7 (the system requirements for 10.8 are quite a bit higher than 10.7, I know people who can't upgrade).

Abhi Beckert
  • 32,787
  • 12
  • 83
  • 110
  • Are you sure this has been fixed? I'm having this exact same problem on 10.8.2 - all the files that my app creates are being quarantined. – Dennis Ritchie Jan 13 '13 at 09:23
  • @DennisRitchie if I create a new plain text document in TextEdit, and save it to the desktop as "test.rb" the file is not quarantined. On OS X 10.7 it would have been quarantined. Perhaps there are other situations where the same thing can happen? I think you should open a new question separate to mine. – Abhi Beckert Jan 15 '13 at 06:01
  • 3
    ain't fixed for me in 10.8 either. weirdly, adding 'com.apple.security.files.user-selected.executable' to the entitlements fixes the problem for me – user1259710 May 08 '14 at 18:03
  • @user1259710 a quick check shows TextEdit has that entitlement. – Abhi Beckert May 14 '14 at 03:00