-
Notifications
You must be signed in to change notification settings - Fork 34
Open
Description
- As a part of Test on OS X 10.11 El Capitan #26
- OS X 10.11 has a new System Integrity Protection ("rootless") feature enabled by default
- "A new security policy that applies to every running process, including privileged code and code that runs out of the sandbox. The policy extends additional protections to components on disk and at run-time, only allowing system binaries to be modified by the system installer and software updates. Code injection and runtime attachments are no longer permitted." - via What's New in OS X Apple doc
- The most detail I've seen on this so far is via the 706 session, Security and Your Apps talk (WWDC 2015)
- Will need to play around with it in 10.11 still to get a better understanding
- You can disable it, however, requires booting to recovery partition to do so
- The main concern here is of course with SystemKit and process lists (Process/Task API SystemKit#10, Allow use without elevated (root) privileges #8, Proc list display - scrollable & interactive #13). While it won't block the feature entirely, as we can get basic process info without root, we won't be able to match
top(1)or Activity Monitor without it either
Reactions are currently unavailable