Hardened Runtime options

I’d like to start a conversation on the known “Hardened Runtime Options” that are needed for certain functions when Hardened Runtime is applied during the code signing process.

The two that I know of are.

  1. Xojo Script requires “Allow JIT-Compiling” & “Allow Unsigned memory”.
  2. Some plugins show a dialog on launch that they can’t be found, for this you need the “Disable Library Validation” option.

I’ve also added a GUI to App Wrapper 3.9.1 Beta 6 (I should really call them Alphas as I’m adding features). You can download this version from:

If you’re not using the App Sandbox, switch the “App Sandbox” popup menu to read “Entitlements Only”.

If anyone finds any more, please share them here to help us all out.

Thanks for the efforts!!

Is there some more explanation what/when “Allow Unsigned memory” is needed?
I saw this mentioning on many forums when doing Hardened Runtimes.


[quote]A Boolean value that indicates whether the app may create writable and executable memory without using the MAP_JIT flag.
Key: com.apple.security.cs.allow-unsigned-executable-memory[/quote]

So yeah, you’re right. It might not actually be needed, as according to Apple’s documentation, it’s covered via JIT-Compiling. When I have some free time, I’ll test it out.