Hacker News
by sneak 76 days ago
This is 100% by design and 100% a good thing. “root” aka uid=0 should NOT have unlimited privileges to permanently modify the deepest parts of the OS, as assuming uid=0 is done daily for routine operations. Modifying kernel-level stuff should not be possible from this daily-use privilege level. It’s an ancient holdover from Unix time-sharing systems that are approaching a hundred years old.

If you think it’s bad, you don’t know why it was built - google Chesterton’s Fence. You, the user, still have 100% ability to modify your system however you choose - if you first clearly indicate that you ARE the user, and not just some random-ass installer running under admin privs, which is a completely normal and common occurrence. A higher privilege level that is used to protect OS integrity is a wonderful thing. If you think there is a better or safer way to access it, please submit your suggestions to Apple, but don’t assume the guardrails around System Integrity Protection (1TR etc) are slapdash or unreasonable or poorly thought out.

1 comment

Phrased a little more harshly than I would've, but I agree. SIP keeps any random process running as the device owner from running amok and paving over the system. You have to jump through just enough hoops to disable it that a rogue process can't automatically do it against you.
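An added audit check, not part of either comment above: a POSIX shell script that classifies the text `csrutil status` prints (the command macOS uses to report SIP state) into enabled / disabled / custom, and for a custom configuration lists which individual protections are switched off. The three sample outputs are constructed from the formats csrutil emits; the function names (`sip_state`, `sip_disabled_protections`, `sip_verdict`) are mine. On a Mac the script also runs the live check; on any other system it only exercises the parser on the samples.

```shell
#!/bin/sh
# Added example: classify SIP state from `csrutil status` output.
# Function names and the sample outputs below are constructed for this
# example; the output formats are the ones csrutil prints on macOS.

# sip_state: read `csrutil status` output on stdin, print one of
#   enabled | disabled | custom | unknown
sip_state() {
    text=$(cat)
    status=$(printf '%s\n' "$text" \
        | grep '^System Integrity Protection status:' | head -n 1)
    case "$status" in
        *"status: enabled"*)      echo enabled ;;
        *"status: disabled"*)     echo disabled ;;
        *"Custom Configuration"*) echo custom ;;
        *)                        echo unknown ;;
    esac
}

# sip_disabled_protections: for a custom configuration, print each protection
# reported as disabled, one per line (e.g. "Debugging Restrictions").
# "Apple Internal" is disabled on every non-Apple-internal Mac, so it is not
# a finding and is filtered out.
sip_disabled_protections() {
    text=$(cat)
    printf '%s\n' "$text" \
        | sed -n '/^Configuration:/,/^$/p' \
        | grep ': disabled$' \
        | grep -v 'Apple Internal' \
        | sed 's/^[[:space:]]*//; s/: disabled$//'
}

# sip_verdict: succeed only when SIP is fully enabled, which is the state
# the thread argues a daily-use root account should be unable to leave.
sip_verdict() {
    [ "$(sip_state)" = enabled ]
}

# Constructed samples in the shape csrutil prints (indentation is tabs in
# real output; the parser strips any leading whitespace).
SAMPLE_ENABLED='System Integrity Protection status: enabled.'
SAMPLE_DISABLED='System Integrity Protection status: disabled.'
SAMPLE_CUSTOM='System Integrity Protection status: unknown (Custom Configuration).

Configuration:
    Apple Internal: disabled
    Kext Signing: enabled
    Filesystem Protections: enabled
    Debugging Restrictions: disabled
    DTrace Restrictions: enabled
    NVRAM Protections: enabled
    BaseSystem Verification: enabled

This is an unsupported configuration, likely to break in the future and leave your machine in an unknown state.'

# Exercise the parser on the constructed samples.
for name in SAMPLE_ENABLED SAMPLE_DISABLED SAMPLE_CUSTOM; do
    eval "sample=\$$name"
    state=$(printf '%s\n' "$sample" | sip_state)
    printf '%s: %s\n' "$name" "$state"
    if [ "$state" = custom ]; then
        printf '%s\n' "$sample" | sip_disabled_protections \
            | sed 's/^/  disabled: /'
    fi
done

# Live check, only where csrutil exists (macOS). Non-zero means SIP is not
# fully enabled and the machine should be treated as non-compliant.
if command -v csrutil >/dev/null 2>&1; then
    if csrutil status | sip_verdict; then
        echo "live: SIP fully enabled"
    else
        echo "live: SIP NOT fully enabled"
        csrutil status | sip_disabled_protections | sed 's/^/  disabled: /'
    fi
else
    echo "live: csrutil not found (not macOS); parser-only run"
fi
```

The live branch deliberately reads state rather than changing it: `csrutil disable` / `csrutil enable` only work from recoveryOS, which is exactly the hoop the comment above refers to, so a fleet check can at most report that a machine was taken through that path.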