This is your reminder that having SIP turned off allows trivial escalation to root, and disabling part of SIP is broadly equivalent, security-wise, to disabling the whole thing.
@saagar It’s broadly equivalent to running Mac OS X 10.10 and earlier.
@saagar Why not?
@lapcatsoftware SIP is now the only line of defense for many things
@saagar There was a defense before SIP?
@lapcatsoftware Assuming they didn’t just let you log in without a password sure
@saagar Could you be less vague? You said it was a reminder, but I’m not reminded of anything, and if I’m not, then I’m not sure who would be.
@lapcatsoftware @saagar not sure exactly what saagar is thinking of, but there are various entitlements which grant an executable root-like abilities as a normal user, and without sip, not much is there to stop a malicious process from granting entitlements to other executables under its control.
@joe @lapcatsoftware Exactly this. The post above was a reference to the time Apple accidentally allowed anyone to log in without a password, which of course did not involve SIP at all.

@saagar @joe I’m confused. Are you referring to the High Sierra “I am root” bug, which you admit that SIP did not protect against? If so, then why would you mention that in this context? It’s a red herring and feels obscurantist.

So far, neither you nor Joe have given a single specific example, which again, is a reminder of absolutely nothing.

@lapcatsoftware @saagar i didn't have an exploit per se in mind, but one thing i was recently playing with in a side project was creating virtual network interfaces with vmnet.framework. creating an interface typically requires root, but if apple grants your executable the `com.apple.vm.networking` entitlement, then that executable can do so as a regular user, or even in the sandbox. but the mechanisms that ensure #OnlyApple can grant that entitlement rely on SIP, AIUI
@lapcatsoftware @saagar i suppose that isn't so different from setuid binaries though
@joe @lapcatsoftware Yeah I mean vaguely you would have the same issue if there was a configuration that convinced ld to let you preload into a setuid binary or that you could mess with their procfs or something
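A defender-side check in the spirit of the opening reminder and of joe's point about entitlement enforcement resting on SIP. This is an added example, not anyone's post: it classifies `csrutil status` output and treats any custom (partially disabled) configuration as not enabled. The sample outputs are constructed to mirror the real format.

```shell
#!/bin/sh
# sip_state: reads `csrutil status` output on stdin and prints one of
# enabled | disabled | custom | unparsed, based on the status line.
sip_state() {
    first=$(sed -n 's/^System Integrity Protection status: //p' | head -n 1)
    case "$first" in
        enabled.*)  echo enabled ;;
        disabled.*) echo disabled ;;
        unknown*)   echo custom ;;   # "unknown (Custom Configuration)."
        *)          echo unparsed ;;
    esac
}

# sip_effectively_off: true (exit 0) unless SIP is fully enabled.
# A custom configuration is treated the same as disabled.
sip_effectively_off() {
    [ "$(printf '%s\n' "$1" | sip_state)" != "enabled" ]
}

# disabled_flags: names each protection reported as disabled in a custom
# configuration. Note "Apple Internal: disabled" is normal on non-Apple machines.
disabled_flags() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*\(.*\): disabled$/\1/p'
}

# Constructed samples modelled on real csrutil output.
SAMPLE_ENABLED='System Integrity Protection status: enabled.'
SAMPLE_CUSTOM='System Integrity Protection status: unknown (Custom Configuration).

Configuration:
    Apple Internal: disabled
    Kext Signing: enabled
    Filesystem Protections: enabled
    Debugging Restrictions: disabled
    DTrace Restrictions: enabled
    NVRAM Protections: enabled
    BaseSystem Verification: enabled

This is an unsupported configuration, likely to break in the future and leave your machine in an unknown state.'

# On a real Mac, audit the live state; elsewhere this block is skipped.
if [ "$(uname)" = Darwin ] && command -v csrutil >/dev/null 2>&1; then
    live=$(csrutil status)
    if sip_effectively_off "$live"; then
        echo "WARNING: SIP is not fully enabled; disabled protections:"
        disabled_flags "$live"
    fi
fi
```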