Apple’s macOS UNIX certification is a lie (2025)
15 points by juliethefoxcoon
Most of these changes appear to just be for the purposes of the test suite itself rather than actual UNIX conforming behavior. For example, the fact that Spotlight may change file access times is not non-conforming behavior (it's accessing files!), it's just something that may interfere with the test suite as the test suite assumes nothing else is accessing the files. Same thing with timeout coalescing, that's done for a good reason, and it doesn't violate behavior (sleep explicitly says it may sleep for longer due to the scheduling of other activity by the system), it's just the test suite presumably requires sleep to be more predictable because of how it's written.
The weirdest one is the uucp stuff, where the problem is 6 binaries involved have the user _uucp but aren't setuid. I don't really know anything about uucp but my best guess here is these binaries expect to be able to write to /var/spool/uucp/ and they can't do that unless they're running as the _uucp user. I don't know why Apple chose to ship them with setuid off (beyond the fact that Apple presumably wants to be very conservative about which binaries are allowed to be setuid, though since these ones are _uucp instead of root it seems like it should be safer?) and I don't know if uucp can actually work just fine without them being setuid and it's just the particular configuration that the test suite uses needs this or what.
UUCP is setuid for similar reasons to sendmail being setuid: it needs write access to a shared multi-user store-and-forward spool. With the added constraint that uucp dates back to the time of really small PDP11 machines, so (unlike sendmail on a VAX) they couldn’t afford to have a persistent daemon running to serve the occasional request; plus 1970s unix had nugatory IPC facilities so it wasn’t possible to talk to daemons in any useful way. One of uucp’s features is remote code execution as a service (RJE was cutting-edge in the 1970s!) so even if uucp is installed by default it’s wise to leave it inoperable without intervention by experts, because it’s ancient code that crosses security boundaries and therefore is asking for slapstick vulnerabilities.
I think the reality is a lot less exciting: deep inside Apple there are probably still a few hardcore UNIX people who do actually really care about this, and they clearly don’t mind spending some work time keeping the certification train going.
Either that or they need it to sell to entities that require the certification for some borked compliance reason.
A fun thing is that Unix certification requires support for printf("%n"), a feature that is pretty much only used for exploitation :-/
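Added example, not part of the thread or of any participant's post: a C sketch of what the `%n` conversion mentioned in the last comment does, with a checker for format strings that originate outside the program (a message catalog, for instance) and the usual way to print untrusted text. The function names `bytes_written_before_marker`, `count_percent_n` and `render_untrusted` are hypothetical, chosen for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* What %n does: it prints nothing and instead stores the number of bytes
   produced so far through an int* argument. The format is a constant here. */
int bytes_written_before_marker(void) {
    char buf[32];
    int n = -1;
    snprintf(buf, sizeof buf, "abc%nde", &n);
    return n; /* "abc" precedes the directive */
}

/* Count %n conversions in a format string (hypothetical helper).
   Skips flags, width, precision, POSIX "N$" positions and length
   modifiers, so "%5$hhn" and "%ln" are caught while "%%n" is not.
   Deliberately lenient: it may over-report on malformed directives. */
int count_percent_n(const char *fmt) {
    int hits = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        /* strspn stops at the conversion character (or at the NUL). */
        p += strspn(p, "-+ #0'123456789$*.hlLjztq");
        if (*p == 'n')
            hits++;
        if (*p == '\0')
            break; /* truncated directive at end of string */
    }
    return hits;
}

/* Untrusted text is passed as data to a constant "%s" format,
   so any directives it contains are copied, not interpreted. */
int render_untrusted(char *out, size_t outlen, const char *text) {
    return snprintf(out, outlen, "%s", text);
}

int main(void) {
    /* Constructed sample inputs. */
    const char *samples[] = { "%d items, 100%%n", "%5$hhn", "%s%ln%-8n", "100%" };
    char out[64];
    printf("bytes before %%n marker: %d\n", bytes_written_before_marker());
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        render_untrusted(out, sizeof out, samples[i]);
        printf("%-20s -> %d %%n directive(s)\n", out, count_percent_n(samples[i]));
    }
    return 0;
}
```
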