Tags: swift, cocoapods, ios14, xcode12

Getting warning from security analysis "Remove the compiler option -rpath to remove @rpath"


I have done a quality scan analysis for my iOS app. I got the below warning:

The binary has Runpath Search Path (@rpath) set. In certain cases an attacker can abuse this feature to run arbitrary executable for code execution and privilege escalation. Remove the compiler option -rpath to remove @rpath.

I searched for @rpath and found the code below in my pod-framework.sh:

# Embed linked Swift runtime libraries. No longer necessary as of Xcode 7.
  # $binary is the framework's Mach-O executable and $destination the app's
  # Frameworks directory; both are set earlier in the CocoaPods script.
  if [ "${XCODE_VERSION_MAJOR}" -lt 7 ]; then
    local swift_runtime_libs
    # List the load commands of the binary, keep only the Swift runtime
    # dylibs referenced through @rpath, and strip them down to the file name.
    swift_runtime_libs=$(xcrun otool -LX "$binary" | grep --color=never @rpath/libswift | sed -E s/@rpath\\/\(.+dylib\).*/\\1/g | uniq -u)
    for lib in $swift_runtime_libs; do
      # Copy each runtime dylib from the toolchain into the app bundle and
      # re-sign it so dyld accepts it at launch.
      echo "rsync -auv \"${SWIFT_STDLIB_PATH}/${lib}\" \"${destination}\""
      rsync -auv "${SWIFT_STDLIB_PATH}/${lib}" "${destination}"
      code_sign_if_enabled "${destination}/${lib}"
    done
  fi

So can I remove this code? Will it affect my project?

Thanks in advance.


Solution

  • Given that Xcode 7 is over five years old and at least Xcode 11 is required for app store submissions, it would seem safe to delete that code.

    However, given that the script code should not be run, the @rpath in the binary is probably coming from something else.
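To find out where the @rpath actually comes from, look at the linked binary rather than the script: the scanner is reporting LC_RPATH load commands, which Xcode emits from the LD_RUNPATH_SEARCH_PATHS build setting (the default for an iOS app is @executable_path/Frameworks, and CocoaPods adds its own entries in the Pods-<target>.*.xcconfig files). The script below is an added example written for this page, not code from the question, the answer or CocoaPods; it parses `otool -l` output and separates the rpath entries that point inside the signed app bundle from the ones that point at arbitrary filesystem locations, which are the only kind the warning is really about. The `otool` output it runs over is a constructed sample, and the function names (list_rpaths, flag_suspicious_rpaths, list_rpath_dependents, audit_rpaths) are this example's own.

```shell
#!/bin/sh
# Added example (not part of the page or of CocoaPods): audit the Runpath
# Search Paths of a Mach-O binary from `otool -l` output.
#
# On a Mac, run it over a real binary with:
#   otool -l Payload/MyApp.app/MyApp | sh rpath_audit.sh -
# Without the "-" argument it runs over the constructed sample below.

# Constructed sample of `otool -l` output, trimmed to the load commands that
# matter: one dylib loaded via @rpath and three LC_RPATH entries.
SAMPLE_OTOOL_OUTPUT='Load command 20
          cmd LC_LOAD_DYLIB
      cmdsize 56
         name @rpath/libswiftCore.dylib (offset 24)
   time stamp 2 Thu Jan  1 00:00:02 1970
      current version 1.0.0
compatibility version 1.0.0
Load command 21
          cmd LC_RPATH
      cmdsize 32
         path @executable_path/Frameworks (offset 12)
Load command 22
          cmd LC_RPATH
      cmdsize 48
         path /usr/lib/swift (offset 12)
Load command 23
          cmd LC_RPATH
      cmdsize 40
         path /tmp/build/lib (offset 12)
'

# Print the path of every LC_RPATH load command, one per line.
# Reads `otool -l` output on stdin.
list_rpaths() {
    awk '
        $1 == "cmd" && $2 == "LC_RPATH" { in_rpath = 1; next }
        in_rpath && $1 == "path"        { print $2; in_rpath = 0 }
    '
}

# Keep only rpath entries that an attacker could plausibly influence:
# anything that is neither relative to the (signed, read-only) app bundle
# nor inside an OS-owned directory. Reads rpath lines on stdin.
flag_suspicious_rpaths() {
    awk '
        /^@executable_path\// || /^@loader_path\// { next }  # inside the app bundle
        /^\/usr\/lib\// || /^\/System\//           { next }  # OS-owned, read-only
        { print }
    '
}

# Print every dylib the binary loads through @rpath. These are the libraries
# that would fail to load if the rpath entries were simply removed.
list_rpath_dependents() {
    awk '
        $1 == "cmd" && ($2 == "LC_LOAD_DYLIB" || $2 == "LC_LOAD_WEAK_DYLIB") { in_dylib = 1; next }
        in_dylib && $1 == "name" { if ($2 ~ /^@rpath\//) print $2; in_dylib = 0 }
    '
}

# One-line summary for a whole `otool -l` dump read from stdin.
audit_rpaths() {
    out=$(cat)
    n_rpath=$(printf '%s\n' "$out" | list_rpaths | wc -l | tr -d ' ')
    n_bad=$(printf '%s\n' "$out" | list_rpaths | flag_suspicious_rpaths | wc -l | tr -d ' ')
    n_dep=$(printf '%s\n' "$out" | list_rpath_dependents | wc -l | tr -d ' ')
    printf 'rpaths=%s suspicious=%s rpath_dependents=%s\n' "$n_rpath" "$n_bad" "$n_dep"
}

if [ "${1:-}" = "-" ]; then
    audit_rpaths
else
    printf '%s' "$SAMPLE_OTOOL_OUTPUT" | audit_rpaths
fi

# Where the entries come from, once you know which ones you have:
#   xcodebuild -showBuildSettings -workspace App.xcworkspace -scheme App | grep LD_RUNPATH_SEARCH_PATHS
#   grep -rn LD_RUNPATH_SEARCH_PATHS App.xcodeproj/project.pbxproj Pods/Target\ Support\ Files/
```

On the sample this reports three rpath entries, of which only /tmp/build/lib is flagged, and one @rpath-dependent library. That split is the point: an entry such as @executable_path/Frameworks resolves inside the code-signed bundle and is what lets the embedded Swift runtime and every CocoaPods dynamic framework load at all, so deleting it silently breaks the app at launch. An absolute path left over from a build machine, on the other hand, is exactly the kind of entry a scanner is right to complain about and can be removed from LD_RUNPATH_SEARCH_PATHS without loss.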