I commented on your Twitter post already, but I'll reiterate here. This is not a vulnerability, it is as intended. By default, you can only install Applications via the App Store on Big Sur, and AppProxyProvider only affects Applications installed via this method.
This has the dual-benefit of protecting casual users, and allowing power-users flexibility with any binaries that aren't sandboxed. From what I understand of your example, you used the bundled python installation to make the connection, the python binary is not sandboxed and is not affected by AppProxyProvider. This will be the case with any other binaries as well -- ping, ssh, etc...
This has the dual-benefit of protecting casual users, and allowing power-users flexibility with any binaries that aren't sandboxed. From what I understand of your example, you used the bundled python installation to make the connection, the python binary is not sandboxed and is not affected by AppProxyProvider. This will be the case with any other binaries as well -- ping, ssh, etc...
The relevant documentation is at: https://developer.apple.com/documentation/networkextension/a...
Specifically the section I've highlighted here: https://share.getcloudapp.com/Z4uyONmJ