BinaryAge

Is TotalFinder security tweak still needed?

Hi Guys

I stopped using TotalFinder since the security tweak was required to use it. Is it still the case? 'Cause I’ve been working without TotalFinder since 2015, as far as I remember.

Regards

Yes, disabling SIP is still required, including on macOS Big Sur. And this is unlikely to change :frowning:

https://totalfinder.binaryage.com/sip

Would you reconsider implementing a solution like XtraFinder succeeded in doing to not require disabling SIP?

I know you mentioned in the past the concern that this work-around solution might be temporary BUT it has been a couple of years and it still works, so why not implement this UNTIL it stops working…

I could be wrong, but from my limited understanding it is not a very difficult work-around to implement.

I wonder if XtraFinder will be able to pull this off again under macOS 11 (Big Sur).

AFAICT there are two new security hardenings in Big Sur related to our case:

  1. Library Validation: the Finder binary is newly marked as a platform binary, so the system prevents loading/injecting any non-platform code into it even with SIP fully disabled. See how to disable it here: macOS Big Sur and TotalFinder
  2. Signed System Volume: https://eclecticlight.co/2020/06/25/big-surs-signed-system-volume-added-security-protection

If I remember correctly, XtraFinder relies on the fact that the FileProvider framework loads extra “plugins” from this location[1] without checking for Apple/platform signatures. Maybe Apple had a reason to not check for the signatures, so they could not easily fix it. Even if this is still the case under Big Sur, it seems that with Signed System Volume, filesystem-level modification of anything under /System will be a royal pain in the ass…

Let’s see. I would reconsider implementing it if there was a sane way to circumvent SIP in the Finder injection case.

[1] /System/Library/PrivateFrameworks/FileProvider.framework/OverrideBundle.

That was already patched 6 months ago in 10.15.4 and TBH I’m shocked it went unpatched as long as it did.

People that use software that modifies core OS functionality on macOS need to realize that SIP must be off, there is no compromise to that. Any workaround would be an exploit that would leave your machine just as vulnerable as if it had SIP off in the first place.

Thanks for your insights. I agree. I considered it a security hole waiting to be patched - and that is why I didn’t want to go that route with TotalFinder.

As a side note:

I wonder since when Library Validation can be disabled by a plist tweak (with admin rights):

sudo defaults write /Library/Preferences/com.apple.security.libraryvalidation.plist DisableLibraryValidation -bool true

I guess this will be disabled in official final Big Sur release or in some future macOS. Apple might decide to move this tweak under RecoveryOS similar to SIP tweaking via csrutil.

Any thoughts @w0lf?
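For anyone auditing Macs for the two weakened settings discussed in this thread, a small check is sketched here as an added example (not part of the original posts and not BinaryAge code). The plist path and key are the ones quoted above; the function names are hypothetical, and the `csrutil status` wording "System Integrity Protection status: <state>." is an assumption about that tool's output.

```python
import plistlib
import re
import subprocess
from pathlib import Path

# Path and key exactly as quoted in the thread above.
LV_PLIST = "/Library/Preferences/com.apple.security.libraryvalidation.plist"
LV_KEY = "DisableLibraryValidation"

# Constructed sample inputs (not captured from a real machine).
SAMPLE_PLIST = plistlib.dumps({LV_KEY: True}, fmt=plistlib.FMT_BINARY)
SAMPLE_CSRUTIL = "System Integrity Protection status: disabled.\n"


def library_validation_state(plist_bytes):
    """Classify plist content as 'default', 'disabled' or 'unreadable'."""
    if not plist_bytes:  # file absent or empty: no override in place
        return "default"
    try:
        prefs = plistlib.loads(plist_bytes)  # accepts XML and binary plists
    except Exception:
        return "unreadable"  # a damaged override file still deserves a look
    if isinstance(prefs, dict) and prefs.get(LV_KEY) in (True, 1):
        return "disabled"
    return "default"


def sip_state(csrutil_output):
    """Pull the state word out of `csrutil status` output (assumed format)."""
    m = re.search(r"System Integrity Protection status:\s*(\w+)", csrutil_output or "")
    return m.group(1).lower() if m else "unknown"


def audit(plist_bytes, csrutil_output):
    """Return a list of findings; an empty list means both protections are on."""
    findings = []
    sip = sip_state(csrutil_output)
    if sip != "enabled":
        findings.append(f"SIP not fully enabled (status: {sip})")
    lv = library_validation_state(plist_bytes)
    if lv != "default":
        findings.append(f"Library Validation override: {lv} ({LV_PLIST})")
    return findings


if __name__ == "__main__":  # on a Mac: read the real file and tool output
    p = Path(LV_PLIST)
    data = p.read_bytes() if p.exists() else None
    out = subprocess.run(["csrutil", "status"], capture_output=True, text=True).stdout
    print("\n".join(audit(data, out)) or "no findings")
```

Anything other than an `enabled` SIP state, including an unparseable one, is reported as a finding so that partially disabled configurations are not missed.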

I understand why you don’t want to invest a lot of effort into an approach that Apple will likely soon sabotage.

I use TotalFinder on my main machine (antique OS) and XtraFinder on a laptop (Mojave) - and there is really no comparison. TF is elegant, attractive, and easy to use. XF works - which I’m grateful for - but it’s quite clunky and awkward.

I don’t know how much of that difference is attributable to design/coding, and how much comes down to the difficulty of working around Apple’s restrictions under the different versions of MacOS. But if there’s any way the (much nicer) design of TF could be adapted to work in newer Mac OS versions, I’d happily pay for it again!
