SIP and macOS Sierra?

Status
Not open for further replies.
Chromatinfish 123

Chromatinfish 123

Level 21
Thread author
Verified
May 26, 2014
1,051
I've looked at the new macOS and it seems ok, not really worth an upgrade, but can you still disable SIP with:
Code: 
csrutil disable
?

Rootless really bugs me for technical reasons and it's vital for me to disable it (well, SIP is the real name for it since root account still exists).
 
X

XIII

Level 5
Verified
Sep 20, 2016
162
I did the upgrade a week ago and I'm happy with it. Is it a performance increase? Not that I can tell. Is it a performance decrease? Not that I can tell. Am I using Siri or any of the features? No. Am I on the latest version of macOS? Yup. I think this last bit is very important for all technology.

Edit: Checking now.
Edit: Yes it does.
 
  • Like
Reactions: Chromatinfish 123
Chromatinfish 123

Chromatinfish 123

Level 21
Thread author
Verified
May 26, 2014
1,051
Thanks- I will upgrade ASAP because of the security factor (Apple will probably not patch Yosemite any further). I definitely, however, am probably not going to be using the Siri.
 
iangcarroll

iangcarroll

Level 1
Jan 24, 2016
9
Yes, you can still disable SIP.

Disabling it is a fairly bad idea, because it is also a flag for allowing certain privileged calls to be made from unprivileged applications. No idea why.

If you do kernel development, you might be stuck disabling it, but try to avoid it when you can.
 
  • Like
Reactions: motox781
Oh Yeah

Oh Yeah

New Member
Nov 7, 2016
1
iangcarroll said:
Yes, you can still disable SIP.

Disabling it is a fairly bad idea, because it is also a flag for allowing certain privileged calls to be made from unprivileged applications. No idea why.

If you do kernel development, you might be stuck disabling it, but try to avoid it when you can.
Click to expand...

Hey man, thanks for jumping on the bandwagon. I mean, I know it's tough being original and all, but the "you may not want to disable SIP if you can help it" thing is a overdone even for trend-slaves, don't you think? 90% of people who say it don't even have an idea why you "may not want to". And what of the poor sysadmins running around the 10 million+ Unix/Linux machines all day without SIP to save them?

Weep for the SIP-less SysAdmins.

All hail Apple and their ceding of control of the hardware you purchased with your own money. They know what's best. After all, a million bandwagon-jumpers can't be wrong.

LOL@kernel development. Yeah, that's the only reason to disable SIP. Kernel development. ROFLMAO.

Hey, you tried, I'll give you that.
 
motox781

motox781

Level 10
Verified
Well-known
Apr 1, 2015
483
I know this is off subject, but I had a Macbook Pro 2015 model. Used Elcapitan. Hated MacOS. Much more sugglish than Windows OS. Must be the animations. But Apple makes some of the best Windows PCs ;P Beautiful screens and well built.

Anyway, back on topic...
 
iangcarroll

iangcarroll

Level 1
Jan 24, 2016
9
Oh Yeah said:
Hey man, thanks for jumping on the bandwagon. I mean, I know it's tough being original and all, but the "you may not want to disable SIP if you can help it" thing is a overdone even for trend-slaves, don't you think? 90% of people who say it don't even have an idea why you "may not want to". And what of the poor sysadmins running around the 10 million+ Unix/Linux machines all day without SIP to save them?

Weep for the SIP-less SysAdmins.

All hail Apple and their ceding of control of the hardware you purchased with your own money. They know what's best. After all, a million bandwagon-jumpers can't be wrong.

LOL@kernel development. Yeah, that's the only reason to disable SIP. Kernel development. ROFLMAO.

Hey, you tried, I'll give you that.
Click to expand...

I want to reply to your comment but I don't know what to reply to. You didn't really make a point. All of what SIP does can be worked around in applications. It's a valuable security mitigation against future malware which limits how malware can persist on your system, and usually forces you to persist as the current user or in the kernel, both annoying options.

It is annoying to disable, but it is practically the only way to safely provide a way to disable it. It gets messy if you provide a protected UI for it like UAC, because it's easier to social engineer.

I found out after posting this that csrutil allows selective disabling of SIP features, like file system protection. I haven't looked to see if this remedies the issue of the clock and certain system services (like SSH) being controllable from unprivileged users, but that may help the OP and others.
 
Status
Not open for further replies.

Similar threads

MuzzMelbourne
    • HaHa
    • Like
Apple fixed a vulnerability discovered by Microsoft researchers
Replies
2
Views
797
News Archive
MuzzMelbourne
MuzzMelbourne
silversurfer
    • Like
    • +Reputation
New Update iOS 15.7.9, iPadOS 15.7.9, macOS 12.6.9 and macOS 11.7.10
Replies
0
Views
512
macOS, iOS & iPadOS
silversurfer
silversurfer
Ink
    • Like
    • Wow
Serious Discussion Boot Failures affecting 14"/16" MBP with ProMotion displays running macOS 14 and 13.6
Replies
0
Views
337
macOS, iOS & iPadOS
Ink
Ink

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top