usnistgov / macos_security

macOS Security Compliance Project

Prohibit execution from /tmp

nihil-admirari opened this issue · comments

Problem to solve

os_user_app_installation_prohibit prohibits running software from user profile. Unfortunately, users can still install software to /tmp and run it from there.

Further details

<key>pathBlackList</key>
<array>
    <string>/private/tmp/</string>
</array>

doesn't work.
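Because the pathBlackList key above does not keep software out of /private/tmp, an administrator who keeps the rule still needs a way to see what is staged there. The following audit helper is an added example, not code from the issue or from the macos_security project; it flags files by content (a shebang or a Mach-O magic number) rather than by execute bit, since a script dropped without the bit can still be run via an interpreter. The helper names, the constructed sample directory and the choice of magic numbers are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not part of the issue or the macos_security project).
# Audit a directory such as /private/tmp for files that look like programs,
# regardless of their permission bits.

# is_program FILE: succeed when FILE starts with "#!" or a Mach-O magic number.
is_program() {
    magic=$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        2321*) return 0 ;;                                   # "#!" shebang
        feedface|cefaedfe|feedfacf|cffaedfe|cafebabe|bebafeca)
            return 0 ;;                                      # Mach-O (32/64-bit) or fat binary, either byte order
        *) return 1 ;;
    esac
}

# find_programs DIR: print every regular file beneath DIR that is_program accepts.
find_programs() {
    find "$1" -type f 2>/dev/null | while IFS= read -r f; do
        is_program "$f" && printf '%s\n' "$f"
    done
}

# count_programs DIR: number of program-like files beneath DIR.
count_programs() {
    find_programs "$1" | wc -l | tr -d ' '
}

# Constructed sample directory standing in for /private/tmp (assumption).
demo_dir=$(mktemp -d)
printf '#!/bin/sh\necho hi\n' > "$demo_dir/dropper"     # shebang script, no execute bit set
printf '\317\372\355\376padding' > "$demo_dir/tool"     # bytes cf fa ed fe: 64-bit Mach-O header
printf 'meeting notes\n' > "$demo_dir/notes.txt"        # plain text, should not be reported

find_programs "$demo_dir"                               # lists dropper and tool
count_programs "$demo_dir"                              # prints 2 on the constructed sample
```

Run the script as is to see it work on the sample, or call `find_programs /private/tmp` from a periodic job to log what users have placed there; the output is a detection aid and does not block anything, which is the gap the issue describes.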

Hello!
This rule has a note regarding the functionality, and that it requires third party tools in order to fully implement. Unfortunately, there isn't a good built-in solution for this. It's also limited to only a couple of baselines, so depending on your organization, you may consider omitting the rule altogether.

Apple has deprecated the use of application restriction controls (https://github.com/apple/device-management/blob/eb51fb0cb9626cac4717858556912c257a734ce0/mdm/profiles/com.apple.applicationaccess.new.yaml#L67-L70), so using these controls may not work as expected. Third-party software may be required to fulfill the compliance requirements.