macOS pwsh binary for v7.4.4 is not code signed #24088

@NoahRJ

### Steps to reproduce

The pwsh binary for version 7.4.4, located at /usr/local/microsoft/powershell/7/pwsh (symlinked to /usr/local/bin/pwsh), is not code signed, and was in previous releases, most recently 7.4.2.

This constitutes a security issue as there is no way to confirm pwsh has not been modified without a valid Microsoft application signature attached.

### Expected behavior

Running `codesign -dvv` on the 7.4.4 binary shows a proper certificate chain with Microsoft's signing authority and team identifier, like is displayed with the 7.4.2 release:

```console
➜  Payload codesign -dvv usr/local/microsoft/powershell/7/pwsh
Executable=/private/tmp/powershell-7.4.2-osx-arm64.pkg/powershell-7.4.2.pkg/Payload/usr/local/microsoft/powershell/7/pwsh
Identifier=apphost-55554944334c276ec52934338e28e21fac52c69a
Format=Mach-O thin (arm64)
CodeDirectory v=20400 size=1044 flags=0x0(none) hashes=26+2 location=embedded
Signature size=9013
Authority=Developer ID Application: Microsoft Corporation (UBF8T346G9)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Apr 9, 2024 at 6:11:26 PM
Info.plist=not bound
TeamIdentifier=UBF8T346G9
Sealed Resources=none
Internal requirements count=1 size=208
```


### Actual behavior

Running `codesign -dvv` on the 7.4.4 binary shows an ad hoc signature with no way to validate integrity and confirm it is a genuine Microsoft release:

```console
➜  Payload codesign -dvv usr/local/microsoft/powershell/7/pwsh
Executable=/private/tmp/powershell-7.4.4-osx-arm64.pkg/powershell-7.4.4.pkg/Payload/usr/local/microsoft/powershell/7/pwsh
Identifier=apphost-55554944ebbb141c7c103d9ebac3a924d1f83baa
Format=Mach-O thin (arm64)
CodeDirectory v=20400 size=1033 flags=0x2(adhoc) hashes=26+2 location=embedded
Signature=adhoc
Info.plist=not bound
TeamIdentifier=not set
Sealed Resources=none
Internal requirements count=0 size=12
```


### Error details

_No response_

### Environment data

```powershell
Name                           Value
----                           -----
PSVersion                      7.4.4
PSEdition                      Core
GitCommitId                    7.4.4
OS                             Darwin 23.1.0 Darwin Kernel Version 23.1.0: Mon Oct  9 21:26:29 PDT 2023; root:xnu-10002.41.9~6/RELEASE_ARM64_VM…
Platform                       Unix
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0
```


### Visuals

_No response_
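
The difference between the two `codesign -dvv` outputs in this report can be checked mechanically before a package is deployed. The sketch below is an added example, not part of the original issue or of the PowerShell project; the function name `check_codesign`, its pass/fail policy, and the trimmed sample variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify `codesign -dvv` text (read from stdin) against an
# expected Team ID. check_codesign and its policy are hypothetical.
# On macOS (codesign writes these details to stderr):
#   codesign -dvv /usr/local/microsoft/powershell/7/pwsh 2>&1 | check_codesign UBF8T346G9
# -dvv only displays the signature; `codesign --verify --strict <path>`
# performs the cryptographic check and should be run as well.

check_codesign() {
    awk -v want="$1" '
        /^CodeDirectory / && /flags=[^ ]*adhoc/ { adhoc = 1 }
        /^Signature=adhoc$/  { adhoc = 1 }
        /^TeamIdentifier=/   { team = substr($0, 16) }
        /^Authority=/        { chain[++n] = substr($0, 11) }
        END {
            if (adhoc)        { print "FAIL adhoc signature"; exit 1 }
            if (n == 0)       { print "FAIL no certificate chain"; exit 1 }
            if (team != want) { print "FAIL team=" team; exit 1 }
            # The leaf certificate (first Authority line) must name the same team.
            if (index(chain[1], "(" want ")") == 0) { print "FAIL leaf=" chain[1]; exit 1 }
            print "OK team=" team " chain=" n
        }'
}

# Sample input: the relevant lines of the two outputs quoted in the issue.
SIGNED_742='CodeDirectory v=20400 size=1044 flags=0x0(none) hashes=26+2 location=embedded
Authority=Developer ID Application: Microsoft Corporation (UBF8T346G9)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=UBF8T346G9'

ADHOC_744='CodeDirectory v=20400 size=1033 flags=0x2(adhoc) hashes=26+2 location=embedded
Signature=adhoc
TeamIdentifier=not set'

printf '%s\n' "$SIGNED_742" | check_codesign UBF8T346G9           # OK team=UBF8T346G9 chain=3
printf '%s\n' "$ADHOC_744"  | check_codesign UBF8T346G9 || true   # FAIL adhoc signature
```

The function exits non-zero on any failure, so it can gate an install script or a CI step that unpacks the `.pkg` payload.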