Presumably keeping normal uses of system programs from being subverted (even if they're not running privileged, i.e. setuid/setgid). There is probably some benefit to normal uses, but it's demonstrably trivial to work around if one already has full control.
I tend to think they went overboard, and/or this wasn't well designed, although I suspect that if number of users benefited vs adversely affected is the only measure, it may work as intended. My impression is that at the very least, there are a number of cases of legitimate configuration that aren't supported. Fine-grained permissions (an alternative to all-powerful root) in Solaris make some sense, for example; this reminds me more of the third-party open-source "Papillon" module for Solaris, which could lock down or blacklist or restrict to user view certain features, but wasn't really comprehensive.

Were I to take a really wild guess, some of the thinking of how to do this (in principle, if not detail) may have come from the iOS/OS X cross-pollination. But what's appropriate on a mobile device (assuming you agree they should be locked down) isn't necessarily appropriate on a general purpose system.

It wouldn't take a lot of change to accommodate doing much better: just allow an overriding per-system config file that updates didn't touch, that could add exceptions to the directories and files protected by SIP. If one wanted to be paranoid, one could then have that file lock itself down, too, once one had it the way one wanted. That way, nobody would ever have to turn off SIP (except temporarily, to set up that file if they wanted it).

> On Oct 4, 2015, at 01:42, Sven Kolja Heinemann <w...@bachsau.name> wrote:
>
> Where is the security benefit in this that Apple wants to achieve?
>
> On 03.10.2015 at 22:30, Richard L. Hamilton <rlha...@smart.net <mailto:rlha...@smart.net>> wrote:
>
>> But it's so easy to test that theory: :-)
>>
>> sh-3.2# dtruss /bin/sh
>> dtrace: failed to execute /bin/sh: dtrace cannot control executables signed with restricted entitlements
>> sh-3.2# dtruss /net/localhost/bin/sh
>> sh-3.2# SYSCALL(args) = return
>> thread_selfid(0x0, 0x0, 0x0) = 867702 0
>> csops(0x0, 0x0, 0x7FFF563BF720) = 0 0
>> issetugid(0x0, 0x0, 0x7FFF563BF720) = 0 0
_______________________________________________ macports-users mailing list macports-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-users