How Endpoint Security Works

The Endpoint Security framework is Apple's supported API for intercepting system operations in real time. It replaced the now-deprecated kernel extensions (kexts) for this purpose starting in macOS 10.15.

The Model

A privileged ES client process (the supervisor) subscribes to event types. When a monitored process performs an operation, the kernel holds the syscall and delivers an AUTH event to the ES client. The client inspects the event and responds with ALLOW or DENY. Only then does the kernel proceed.

Child process (sandboxed)              Kernel                    ES Client (nono supervisor)

Linux: seccomp User Notification as the Equivalent to Endpoint Security

Linux already has the exact primitive we need — no special entitlements required.

SECCOMP_RET_USER_NOTIF (Linux 5.0+)

seccomp user notification allows a supervisor process to intercept syscalls from a sandboxed child and make allow/deny decisions — the same model as macOS Endpoint Security, but available to any unprivileged process.

Child (sandboxed)                    Kernel                     Supervisor (nono)

Here's a breakdown of the different attempts made in case it's helpful:

Workarounds Attempted Without Endpoint Security

Without the Endpoint Security entitlement, nono uses Seatbelt (sandbox_init()) for macOS sandboxing. Seatbelt is a static, apply-once sandbox — once set, permissions cannot be expanded. This creates fundamental challenges for interactive permission management. Here's what we've attempted:

1. Sandbox Extension Tokens (Failed)

Goal: Use sandbox_extension_issue_file() / sandbox_extension_consume() to dynamically grant file access to sandboxed processes.

@josephgimenez
josephgimenez / sandbox_extension_token.md
Last active March 1, 2026 20:23
issues leveraging seatbelt extension tokens

Sandbox Extension Tokens Don't Survive exec()

The Intended Flow

Supervisor (unsandboxed)
  │
  ├── sandbox_extension_issue_file("/path/to/file", ...)
  │     → returns token string
  │
### Keybase proof
I hereby claim:
* I am josephgimenez on github.
* I am orangevent (https://keybase.io/orangevent) on keybase.
* I have a public key ASAW7poMdBLSA9ntxTdAbRi-IRUhehW97IYPydxVSSjmZAo
To claim this, I am signing this object:

Keybase proof

I hereby claim:

  • I am j0sephgimenez on github.
  • I am asyncsec (https://keybase.io/asyncsec) on keybase.
  • I have a public key whose fingerprint is DDFA 3D41 F4F5 5988 60BB 2B92 D208 CD8E D235 883D

To claim this, I am signing this object: