
I want that feature on 'cause I don't want stuff I don't know about looking and changing stuff I don't know about, whether it's running with escalated privileges or not.


I doubt you (or any human) is capable of enumerating what you don't want looked at. Frankly, I doubt most of this unknown area is covered by SIP at all, and it would be extremely odd if it did. Perhaps you might consider arguing for actual permissions rather than arbitrarily walling off the OS in a way that tangentially benefits the monopoly Apple holds over their own computers.

Wouldn't it be far easier to enumerate what you want an app to access?


SIP means not messing with the system files, enumerated thusly: /System.

Enumerating what I do want an app to access is handled by Gatekeeper.


> SIP means not messing with the system files, enumerated thusly: /System.

...and all its children, which is effectively the entire operating system

> Enumerating what I do want an app to access is handled by Gatekeeper.

Gatekeeper is not capable of this.


It's among the things Gatekeeper does, isn't it? As configured with PPPC?


It's actually a larger list available in /System/Library/Sandbox/rootless.conf


Why would it be running with escalated privileges if you don't know what it is?


I feel like you're assuming that applications have to be honest about what they are when they request a user-prompted permission. SIP makes that irrelevant.


No, I'm assuming that you know what you install and that apps run with the same rights your user has. Your user can't touch /System, so shouldn't the app



