3-manifolds / Sage_macOS

SageMath as a macOS application bundle.

SageMath-9-7 wants to control Finder and System Events #46

Closed (neldredge closed this issue 1 year ago)

neldredge commented 1 year ago

I installed the SageMath 9.7 bundle on macOS Monterey 12.6 on arm64 (M1), and on first run, it requested access to control Finder and System Events. This seemed a little suspicious, so I didn't grant it, and without it the application does not seem to work. I get the small Available User Interfaces window, and if I select Command Line with Terminal.app, the window closes and nothing else happens.

Is this normal behavior? If so, why does SageMath require such access? Should this be explained in README.rst?

(I do know that I can grant access in the Security & Privacy preferences, but am trying to determine whether or why I should do so.)

culler commented 1 year ago

Yes, the app needs those permissions. Yes, that is normal behavior. The main executable of the app needs to be able to find and launch Terminal.app and then ask Terminal.app to run the Python interpreter bundled in the app using a specific environment. Doing those things requires access to Finder and System Events. It is not as if you will find any documentation which specifies exactly which permissions are required for which actions. But those two permission requests happen to be the ones that get generated by Apple the first time that you run the SageMath app.

Keep in mind that the code for the app is open source, so you are free to examine the code to see if it is doing anything nefarious. (SageMath.c is the source for the main executable.) Also, Apple told you when you installed the app that they had checked it and had not found any security risks, but of course they made no guarantees and neither do we. Apple did not tell you that the app could do its job without having access to basic components of their operating system. And, in fact, it does need access to a couple of things. The fact that Apple asks your permission before granting that access is not really suspicious. After all, the app does need to read files on your hard drive and has the ability to write or delete other files. You could write a Python program which would, for example, delete all of your files, and you could run that program in Sage if you wanted to. So running Sage could be pretty dangerous. And Apple does not want to take responsibility for something as dangerous as that, so they ask you to take the responsibility by granting the app access to Finder and System Events.