Saagar JhaThis is your reminder that having SIP turned off allows trivial escalation to root and disabling part of SIP is broadly equivalent, security wise, to disabling the whole thing
tbodt@saagar allowing untrusted kexts though? given that changing a kext requires reboot and auth just like disabling sip?
@tbodt I don’t think there is an easy way to install a kext but given that I basically never do this I doubt anyone really cares at this point
@saagar i mean like, if you partially disable sip to load a kext, and that kext is safe, and you never change it, that's better security-wise than sip fully disabled. right?
@tbodt No, I don’t think so, because a lot of stuff checks for SIP being disabled which means any flag counts