Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

System Integrity Protection sounds really important. What does it do normally, and why does this tool require it to be disabled?


SIP is secure boot for macOS.

It's intended to prevent malware from changing system files due to rogue permissions or escalation. With SIP enabled, even the root/sudo user doesn't have rights to change these files.

It also refuses to boot a system with drivers that are not signed by Apple, so as to deter malware from using drivers as an attack vector.

https://en.wikipedia.org/wiki/System_Integrity_Protection


> SIP is secure boot for macOS.

Not really. «Secure Boot» is intended to secure the boot process through signature verification. However the security model is completely broken, https://arstechnica.com/information-technology/2023/03/unkil...

SIP is a protection layer which protects system files from modification also after the system is booted.


Apple ships a non-broken secure boot, unlike almost everyone else.


It's meant to protect the base OS from persistent malware infections. https://support.apple.com/en-us/102149


Also against accidentally deleting /usr.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: