8

Somehow, and at some point, I believe recently, my system decided to add the com.apple.quarantine attribute to some files. It was quite a pain and was stopping me running scripts that I'd written in my own editor (BBEdit, that I've used without problems for years till the last few days). I located the problem (the xattrs) and added BBEdit to System Preferences > Security & Privacy > Privacy > Full Disk Access. Now new files are okay.

To track down other files I ran /usr/bin/find ~ -xattrname com.apple.quarantine but there were quite a few files so I redirected it to a file on my desktop.

The file is 130M large.

I notice there are a lot of git object files in there, but there's a ridiculous number of files there. Is this normal? If not, and I'm going to reckon it's not correct, how can I stop this from happening again?

  • Should I add, for example, git to Full Disk Access?
  • Is Full Disk Access the correct permission to relieve an app of this burden?
  • Would I have to do this for all apps that download anything?
  • Why would it suddenly become an issue now?

I will fix this by running xattr -rd com.apple.quarantine DIR but I'm not entirely sure I should run it across ~ even though it's irritated me enough to want it gone from anything, even actual viruses.

This is not a duplicate of What should I do about com.apple.quarantine? because of the scope and context, I would think it normal to have this happen to the odd download, not my entire account (and I haven't checked beyond that yet).

Any help or insight will be gratefully received.

Improve this question
5
  • com.apple.quarantine doesn't just get set for the odd download - it gets set for all files created by quarantine enabled apps, see What causes OS X to mark a folder as Quarantined?. I have thousands of such files - everything I've ever unzipped, caches for Browsers, MS Office, AppStore etc so yes it is normal. As mentioned in the link you can see what added it with xattr -p com.apple.quarantine <your_file> - is something in particular causing you issues? I doubt granting Full Disk Access to all internet using apps is the best solution.
    – lx07
    Commented Apr 16, 2020 at 10:11
  • @lx07 The real problem is I'm creating files with my editor and they're being marked as quarantined, which doesn't appear to fit the criterion in that answer. Because they're marked as quarantined they're not able to run even after being marked with chmod +x. The best solution is the one that allows me to get on with my work, I'm all for security - but from scripts I wrote?
    – ian
    Commented Apr 16, 2020 at 10:27
  • Are you using BBEdit from the Mac App Store? If so, try the direct download version, which doesn't have to comply with the App Store restrictions like sandboxing.
    – Gordon Davisson
    Commented Apr 18, 2020 at 2:51
  • @GordonDavisson Thanks for the suggestion, it's the direct downloaded version already.
    – ian
    Commented Apr 18, 2020 at 6:53
  • Extended attributes are not just flags but key=>value stores. They have a payload that can be read by getxattr, which means that a file having the com.apple.quarantine attribute isn't necessarily quarantined. I depends on the contents of that attribute.
    – Bachsau
    Commented Nov 20, 2021 at 13:13

1 Answer 1

Reset to default
6

As BBEdit had been erroneously marked with com.apple.quarantine it meant that all files created that way were also marked. The solution was to run xattr -dr com.apple.quarantine /Applications/BBEdit.app and then restart the app. From that point on, new items created via BBEdit were not marked.

I also ran this monster:

/usr/bin/find ~ -xattrname com.apple.quarantine -type f \
-exec sh -c 'printf "%s" {}; \
  xattr -p com.apple.quarantine {} 2>/dev/null | \
  grep -q BBEdit && xattr -d com.apple.quarantine {} &&\
  printf " - quarantined\n" || printf "\n" ' {} \;

Which took hours. Still, it's gone now.

Edit: I've had to unmark (my own answer!) this as correct because the quarantining is back even though BBEdit now is not marked as quarantined. I lament.

Further edit: After further investigation I found that the app was indeed fixed by removing its quarantine attribute and that the problem I was having now was only with its command line tools. I emailed the creators of BBEdit and they were very helpful and by changing the setting given here the problem has been fixed.

Improve this answer
1
  • I just ran sudo xattr -dr 'com.apple.quarantine' / 2>/dev/null without any consequences. This attribute is not needed in any way by anything.
    – Bachsau
    Commented Nov 20, 2021 at 13:09

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .