Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ZT] macOS Big Sur or newer need to manually trust #18933

Open
wants to merge 1 commit into
base: production
Choose a base branch
from
Open

[ZT] macOS Big Sur or newer need to manually trust #18933

wants to merge 1 commit into from
+2 −2

Conversation

kyouheicf
Copy link
Contributor

It need to be fixed from Ventura to Big Sur because of this release.

https://developer.apple.com/documentation/macos-release-notes/macos-big-sur-11_0_1-release-notes#Security

Security
New Features

  • macOS Big Sur 11 beta improves system security by requiring an administrator password when a certificate trust settings change is made in the admin trust domain. Running as the root user alone is no longer sufficient to modify certificate trust. User trust domain settings continue to require confirmation by entering the password for the user’s account. This change may affect you if one of the following is true:
    • You have written scripts which call /usr/bin/security add-trusted-cert -d ... as root.
    • Your process runs as root and calls the SecTrustSettingsSetTrustSettings function to trust a certificate.

Ref. security add-trusted-cert asks pas… | Apple Developer Forums

@kyouheicf
[ZT] macOS Big Sur or newer need to manually trust
d8d564f 
It need to be fixed from Ventura to Big Sur because of this release.

https://developer.apple.com/documentation/macos-release-notes/macos-big-sur-11_0_1-release-notes#Security

>**Security**
>**New Features**
>- macOS Big Sur 11 beta improves system security by requiring an administrator password when a certificate trust settings change is made in the admin trust domain. Running as the root user alone is no longer sufficient to modify certificate trust. User trust domain settings continue to require confirmation by entering the password for the user’s account. This change may affect you if one of the following is true:
>   - You have written scripts which call /usr/bin/security add-trusted-cert -d ... as root.
>   - Your process runs as root and calls the SecTrustSettingsSetTrustSettings function to trust a certificate.

Ref. [security add-trusted-cert asks pas… | Apple Developer Forums](https://forums.developer.apple.com/forums/thread/671582)
@kyouheicf
Copy link
Contributor Author

PCX-15148

@ranbel ranbel requested a review from maxvp December 26, 2024 19:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kkrum kkrum Awaiting requested review from kkrum kkrum is a code owner

@kokolocomotion1 kokolocomotion1 Awaiting requested review from kokolocomotion1 kokolocomotion1 is a code owner

@ranbel ranbel Awaiting requested review from ranbel ranbel is a code owner

@maxvp maxvp Awaiting requested review from maxvp

At least 1 approving review is required to merge this pull request.

Assignees

@maxvp maxvp

Labels
product:cloudflare-one size/xs
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@kyouheicf @maxvp @kkrum @ranbel @kokolocomotion1