This is your reminder that having SIP turned off allows trivial escalation to root, and disabling part of SIP is broadly equivalent, security-wise, to disabling the whole thing.
@saagar It’s broadly equivalent to running Mac OS X 10.10 and earlier.
@saagar Why not?
@lapcatsoftware SIP is now the only line of defense for many things
@saagar There was a defense before SIP?
@lapcatsoftware Assuming they didn’t just let you log in without a password, sure

@saagar @lapcatsoftware none of this makes any sense. if it's trivial, what's the way? i'll report it as a bug.

if you can't tell me what it is, is it a zero day? are you reminding us that there are 0-day vulnerabilities at any given time?

only macos uses SIP, so you're saying everyone else is insecure or macos is insecure by design?

@ranvel @lapcatsoftware What Joe said here: https://f.duriansoftware.com/@joe/116134278291526557. There are always a handful of these present at any given time, and Apple does not consider them bugs because they view SIP as a security boundary, so any report that starts with “first, disable SIP…” is discarded.
Joe Groff (@joe@f.duriansoftware.com)

@[email protected] @[email protected] not sure exactly what saagar is thinking of, but there are various entitlements which grant an executable root-like abilities as a normal user, and without sip, not much is there to stop a malicious process from granting entitlements to other executables under its control

@ranvel @lapcatsoftware Other platforms are often really broken, which is well documented online, but my point here is really that macOS can be even more broken if SIP is off, because the default is that you are supposed to have it on. There are designs that require its existence.
@lapcatsoftware @ranvel Put another way, the design of SIP makes it possible to architect security boundaries that are not possible on other systems, but when you take away the protection, they fail in completely different ways. It’s an orthogonal security feature.
@lapcatsoftware @ranvel On another OS, code running as your user cannot perform privileged actions because, well, that would give you that privilege. On macOS, code running as you but written by Apple can do whatever it wants, and SIP is effectively what enforces this.