ANSWERED Eddie 2.24.6 not working on M4 MacOS Sequoia 15.2

[AirBR 1]

Eddie doesnt connect - seems to be an issue with permissions:

 2025.01.16 16:19:26 - Eddie version: 2.24.6 / macos_arm64, System: MacOS, Name: macOS 15.2, Version: 15.2, Framework: v4.0.30319
. 2025.01.16 16:19:26 - Raise system privileges
. 2025.01.16 16:19:33 - Collect network information
. 2025.01.16 16:19:35 - Profile options not found, using defaults.
. 2025.01.16 16:19:36 - OpenVPN - Version: 2.6.12 - OpenSSL 3.3.2 3 Sep 2024, LZO 2.10 (/Applications/Eddie.app/Contents/MacOS/openvpn)
. 2025.01.16 16:19:36 - SSH - Version: OpenSSH_9.8p1, LibreSSL 3.3.6 (/usr/bin/ssh)
. 2025.01.16 16:19:36 - SSL - Version: 5.57 (/Applications/Eddie.app/Contents/MacOS/stunnel)
I 2025.01.16 16:19:36 - Ready
. 2025.01.16 16:19:37 - Collect information about AirVPN completed
I 2025.01.16 16:20:34 - Checking login ...
! 2025.01.16 16:20:35 - Logged in.
I 2025.01.16 16:20:42 - Session starting.
. 2025.01.16 16:20:42 - Activation of Network Lock - macOS - PF
I 2025.01.16 16:20:43 - Checking authorization ...
! 2025.01.16 16:20:44 - Connecting to Mirach (Netherlands, Alblasserdam)
. 2025.01.16 16:20:44 - Routes, add 213.152.162.71/32 for interface "en0".
. 2025.01.16 16:20:44 - WireGuard > Setup start
E 2025.01.16 16:20:44 - WireGuard > Error: Executable '/Applications/Eddie.app/Contents/MacOS/wireguard-go' not allowed: Not owned by root;
. 2025.01.16 16:20:44 - WireGuard > Stopping
. 2025.01.16 16:20:44 - WireGuard > end
! 2025.01.16 16:20:44 - Disconnecting
. 2025.01.16 16:20:44 - Routes, delete 213.152.162.71/32 for interface "en0".
. 2025.01.16 16:20:44 - Collect network information
. 2025.01.16 16:20:45 - Connection terminated.

It then repeatedly trys over and over to connect but same issue in log.

I note that wireguard-go is indeed not owned by root, but by me under the admin group, as are all files in that directory.

-rwxr-xr-x@  1 myuser  admin   3859280  8 Jan 13:41 wireguard-go

Any ideas?

Edited ... by AirBR

[Staff 10050]

11 minutes ago, AirBR said:

Any ideas?

Hello!

Please try to solve the issue by changing ownership of wireguard-go with the command (from a terminal):

sudo chown root /Applications/Eddie.app/Contents/MacOS/wireguard-go

After all, running as root only executable or script files owned by root is a nice security measure providing a complement against privilege escalation.

A question: was your account ownership of that file the default setting you found after the installation? If so, did you install from the ZIP or DMG package?

Kind regards
 

[AirBR 1]

11 minutes ago, Staff said:

Hello!

Please try to solve the issue by changing ownership of wireguard-go with the command (from a terminal):

sudo chown root /Applications/Eddie.app/Contents/MacOS/wireguard-go

After all, running as root only executable or script files owned by root is a nice security measure providing a complement against privilege escalation.

A question: was your account ownership of that file the default setting you found after the installation? If so, did you install from the ZIP or DMG package?

Kind regards
 

Hi,
  This was the default untouched settings of these files after DMG package install.

Additionally, trying to use the above to change ownership fails:

myuser@myusers-Mac-mini MacOS % sudo chown root /Applications/Eddie.app/Contents/MacOS/wireguard-go
Password:
chown: /Applications/Eddie.app/Contents/MacOS/wireguard-go: Operation not permitted

<did a sudo -i>

myusers-Mac-mini:MacOS root# ls -al
total 100504
drwxr-xr-x@ 17 myuser  admin       544  8 Jan 14:40 .
drwxr-xr-x@  8 myuser  admin       256  8 Jan 14:40 ..
-rwxr-xr-x@  1 myuser  admin  18430416  8 Jan 13:57 Eddie-CLI
-rwxr-xr-x@  1 myuser  admin   8699552  8 Jan 13:57 Eddie-UI
-rwxr-xr-x@  1 myuser  admin    616176  8 Jan 13:41 eddie-cli-elevated
-rwxr-xr-x@  1 myuser  admin    240640  8 Jan 13:41 eddie-cli-elevated-service
-rwxr-xr-x@  1 myuser  admin   9583632  8 Jan 13:41 hummingbird
-rw-r--r--@  1 myuser  admin    225440  8 Jan 13:41 libLib.Platform.MacOS.Native.dylib
-rw-r--r--@  1 myuser  admin   4435392  8 Jan 13:41 libcrypto.3.dylib
-rw-r--r--@  1 myuser  admin    209488  8 Jan 13:41 liblz4.dylib
-rw-r--r--@  1 myuser  admin    195744  8 Jan 13:41 liblzo2.2.dylib
-rw-r--r--@  1 myuser  admin    211008  8 Jan 13:41 libpkcs11-helper.1.dylib
-rw-r--r--@  1 myuser  admin    970592  8 Jan 13:41 libssl.3.dylib
-rwxr-xr-x@  1 myuser  admin    892144  8 Jan 13:41 openvpn
-rwxr-xr-x@  1 myuser  admin   2739440  8 Jan 13:41 stunnel
-rwxr-xr-x@  1 myuser  admin    123952  8 Jan 13:41 wg
-rwxr-xr-x@  1 myuser  admin   3859280  8 Jan 13:41 wireguard-go
myusers-Mac-mini:MacOS root# chown root wireguard-go
chown: wireguard-go: Operation not permitted
myusers-Mac-mini:MacOS root#
  Edited ... by AirBR

[Staff 10050]

7 minutes ago, AirBR said:

Additionally, trying to use the above to change ownership fails:

myuser@myusers-Mac-mini MacOS % sudo chown root /Applications/Eddie.app/Contents/MacOS/wireguard-go
Password:
chown: /Applications/Eddie.app/Contents/MacOS/wireguard-go: Operation not permitted

Hello!

A possible reason for which the superuser itself is not authorized to change file ownership is the immutability of that file (or directory). In this case the superuser must first turn off the immutable flag and then modify ownership.
Another possible reason is the immutability of specific parts of the system à la FreeBSD. In this case turning off the immutable flag may require the system startup in single user mode.

Please check whether wireguard-go has any immutable flags set.

ls -lO Applications/Eddie.app/Contents/MacOS/wireguard-go

If the file has immutable flags (uchg or schg), try to remove them with the command:

sudo chflags nouchg /Applications/Eddie.app/Contents/MacOS/wireguard-go

 

7 minutes ago, AirBR said:

This was the default untouched settings of these files after DMG package install.

Thanks, we'll warn the packager.

Kind regards
 

[AirBR 1]

Just now, Staff said:

Hello!

A possible reason for which the superuser itself is not authorized to change file ownership is the immutability of that file (or directory). In this case the superuser must first turn off the immutable flag and then modify ownership.

Another possible reason is the immutability of specific parts of the system à la BSD. In this case turning off the immutable flag may require the startup in single user mode.
 
Thanks, we'll warn the packager.

Kind regards
 

Ok, so i got chown working, the "Terminal" app did not have permission to modify system files and i missed the notification advising this.

After fixing that i had to change wireguard-go and wg to be owned by root to allow Eddie to work, but it is now connecting.