by wilhil 1421 days ago
Probably the dumbest thing I've said, but, just skim read as I'm no expert and these detailed reports go over my head.

Why is it such a bad vulnerability if it requires a sudo command?

2 comments

On macOS, certain system components are intended to be protected even if you have administrator/root access to the machine. The intent is that a rogue daemon running as root shouldn't be able to e.g. delete OS files or inject itself into the permissions database ("give me ALL THE PERMISSIONS") without your consent. This protection system is called SIP, or "System Integrity Protection". The bug in the blog post bypasses this protection and demos it by overwriting one of these protected files that is not usually modifiable by root.
It’s similar to SYSTEM account access in Windows
Indeed, I was about to say literally this.
> a rogue daemon running as root

Why would daemons be running as root in 2022? What does that anymore, especially on macOS?

If only we had something like that on Linux systems. I wonder how that works on the kernel side.
SELinux?
Can be disabled and the rules changed by root.
The entire value proposition of SIP is that it can supposedly protect you from certain attacks even if the attacker has root.