Kris on Twitter: “On a scale of 1-8, how pessimistic is your code?”
Posted by jpluimers on 2024/10/17
Interesting series of tweets about what to harden your application for in a reply to [Wayback/Archive] Kris on Twitter: “On a scale of 1-8, how pessimistic is your code? “Write code to provision a Google Chrome Extension for an end users Mac.”” which I saved to [Wayback/Archive] Thread by @isotopp on Thread Reader App (actually the scale is 1-9):
Extensions are stored in a 32 letter directory in the user profile in the Extensions directory.
i.e.
/Users/kris/Library/Application Support/Google/Chrome/Default/Extensions/<32letters>
- The User has set up their Mac so that their home directory is not in /Users.
- The User has set up their Mac so that the home directory name is different from their login user name.
- The User has multiple user profiles in Chrome, so that the path is not
$HOME/Library/Application Support/Google/Chrome/Default, but some other profile directory.- The target profile is not “
Default“.- The target name is not a directory, but a symlink to some interesting system config file or directory instead.
- The target name already exists, and is a file, not a directory.
- The target name is a file, and has permissions set to
000(chmod a-rwx).- The file has an ACL that denies deletion to the user.
$ chmod +a "$USER deny delete" <32chars>- The file has been
chflags‘ed toschg(immutable; irrevocable, unless the machine is rebooted to single user mode).
The above idea was for Chrome Extensions, so the below links are relevant, but it could be extended to any installer use case.
- [Wayback/Archive] Apps und Erweiterungen automatisch installieren – Chrome Enterprise and Education-Hilfe
- [Wayback/Archive] Automatically install apps and extensions – Chrome Enterprise and Education Help
–jeroen
The Wiert Corner - irregular stream of stuff 
Leave a comment