Hacker News

How's the extension able to run PowerShell commands with no warnings or permission requests? I assume this type of attack is not possible on macOS?


Make it a bash script, and it'll run almost anywhere...


Wrong, bash scripts can pop up a series of permission prompts on macOS if you do a full disk scan. They’re only suppressed when directly run from an application like Terminal that’s already been given full disk access or developer tools permission. In fact, sometimes the syscall just silently fails with no permission popup. For instance, I have this Python script calling an HTTP endpoint on LAN that, when run within tmux, would sometimes inexplicably fail with a "no route to host" error because it doesn’t have local network scan permission; there’s no permission prompt, and the only solution is to restart the tmux server.


> from an application like Terminal that’s already been given full disk access or developer tools permission

Most likely that includes your IDE?


Not in my case. I only give Terminal and iTerm “Developer Tools” permission. Cursor shows up under “Full Disk Access” with a toggle, so it may have requested the permission at some point, but I have it disabled; I don’t see why it needs to reach out of directories I actively open. (And VSCode, which I used for years, doesn’t even show up there.)

Disclaimer: I’m not sure whether Cursor inherits iTerm’s permissions when launched from CLI. The TCC system is pretty mysterious to me in general.


I have this exact same problem and it drives me absolutely mad.


Actually, this post triggered me to try one more thing to fix this: launch tmux via a LaunchDaemon! It seems to be working.

https://github.com/iloveitaly/dotfiles/commit/b205c51cfb3ad9...


Once the equivalent of "ScreenConnect" is downloaded and run on macOS, I assume Gatekeeper will not let it run?


Why do we pretend executing malicious code is sandboxable?

It is a social problem not a technical problem.


This is basically RCE that can happen on any OS.



