Hacker News new | ask | show | jobs
by saagarjha 1421 days ago
On macOS, certain system components are intended to be protected even if you have administrator/root access to the machine. The intent is that a rogue daemon running as root shouldn't be able to e.g. delete OS files or inject itself into the permissions database ("give me ALL THE PERMISSIONS") without your consent. This protection system is called SIP, or "System Integrity Protection". The bug in the blog post bypasses this protection and demos it by overwriting one of these protected files that is not usually modifiable by root.
3 comments
Mandatum 1421 days ago
It’s similar to SYSTEM account access in Windows
link
anthk 1421 days ago
Indeed, I was about to say literally this.
link
pxc 1421 days ago
> a rogue daemon running as root

Why would daemons be running as root in 2022? What does that anymore, especially on macOS?

link
ta988 1421 days ago
If only we had something like that on Linux systems. I wonder how that work on the kernel side.
link
eslaught 1421 days ago
SELinux?
link
ta988 1420 days ago
Can be disabled and the rules changed by root.
link