Since balenaEtcher requires administrative privileges to write to USB drives, we would like to setuid the balenaEtcher.app executable so that a “common user” can use this tool without providing elevated credentials. Unfortunately, this does not work since executable_path cannot be used in any binary in a setuid process. This is enforced by dyld (source here) when attempting to load the Electron framework relative to the current executable path.
```
testmac: ~$ chmod 4755 /Applications/balenaEtcher.app/Contents/MacOS/balenaEtcher
testmac: ~$ /Applications/balenaEtcher.app/Contents/MacOS/balenaEtcher --debug
dyld: warning, LC_RPATH @executable_path/../Frameworks in /Applications/balenaEtcher.app/Contents/MacOS/balenaEtcher being ignored in restricted program because of @executable_path
dyld: Library not loaded: @rpath/Electron Framework.framework/Electron Framework
  Referenced from: /Applications/balenaEtcher.app/Contents/MacOS/balenaEtcher
  Reason: image not found
Abort trap: 6
```
Could this be addressed by some other means? Perhaps by using rpath instead of executable path as indicated here [https://wincent.com/wiki/@executable_path,@load_path_and@rpath]?
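
A check that can be run before setting the setuid bit, as an added example that is not part of the original post or of balenaEtcher's code: it parses `otool -l` output and lists the LC_RPATH entries dyld ignores in a restricted program, matching the warning in the output above. The sample `otool -l` text is constructed, the function names are hypothetical, and treating `@loader_path` and relative entries as needing review is an assumption not shown on this page.

```python
import re

# Constructed sample of `otool -l` output (not captured from the real app).
SAMPLE_OTOOL = """\
Load command 12
          cmd LC_LOAD_DYLIB
      cmdsize 88
         name @rpath/Electron Framework.framework/Electron Framework (offset 24)
Load command 13
          cmd LC_RPATH
      cmdsize 48
         path @executable_path/../Frameworks (offset 12)
Load command 14
          cmd LC_RPATH
      cmdsize 32
         path /usr/local/lib (offset 12)
"""

def parse_load_commands(text):
    """Return (rpaths, libs_loaded_via_rpath) from `otool -l` text."""
    rpaths, libs, cmd = [], [], None
    for line in text.splitlines():
        m = re.match(r"\s*cmd (\S+)", line)
        if m:
            cmd = m.group(1)
            continue
        m = re.match(r"\s*(path|name) (.+) \(offset \d+\)$", line)
        if not m or cmd is None:
            continue
        field, value = m.groups()
        if cmd == "LC_RPATH" and field == "path":
            rpaths.append(value)
        elif cmd.startswith("LC_LOAD") and value.startswith("@rpath/"):
            libs.append(value)
    return rpaths, libs

def audit_for_setuid(text):
    """Classify LC_RPATH entries by how they fare in a setuid (restricted) process."""
    rpaths, libs = parse_load_commands(text)
    report = {"ignored": [], "kept": [], "review": [], "rpath_libs": libs}
    for p in rpaths:
        if p.startswith("@executable_path"):
            report["ignored"].append(p)   # the case dyld warns about above
        elif p.startswith("/"):
            report["kept"].append(p)      # absolute search path
        else:
            report["review"].append(p)    # assumption: @loader_path/relative need checking
    return report

if __name__ == "__main__":
    print(audit_for_setuid(SAMPLE_OTOOL))
```

On a Mac, pass the text from `otool -l <binary>` to `audit_for_setuid`; every `@rpath/` library must be resolvable through a `kept` entry once the `ignored` ones are dropped.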