Since balenaEtcher requires administrative privileges to write to USB drives, we would like to setuid the balenaEtcher.app executable so that a “common user” can use this tool without providing elevated credentials. Unfortunately, this does not work since executable_path cannot be in used in any binary in a setuid process. This is enforced by dyld (source here) when attempting to load the Electron framework relative to the current executable path.
testmac: ~$ chmod 4755 /Applications/balenaEtcher.app/Contents/MacOS/balenaEtcher
testmac: ~$ /Applications/balenaEtcher.app/Contents/MacOS/balenaEtcher --debug
dyld: warning, LC_RPATH @executable_path/../Frameworks in /Applications/balenaEtcher.app/Contents/MacOS/balenaEtcher being ignored in restricted program because of @executable_path
dyld: Library not loaded: @rpath/Electron Framework.framework/Electron Framework
Referenced from: /Applications/balenaEtcher.app/Contents/MacOS/balenaEtcher
Reason: image not found
Abort trap: 6
Could this be addressed by some other means? perhaps by using rpath instead of executable path as indicated here [https://wincent.com/wiki/@executable_path,@load_path_and@rpath]
Thanks!