| Title | New OSX Weakens Root Account | |
| Date | Thursday October 08 2015, @06:27AM | |
| Author | CoolHand | |
| Topic | ||
| from the great-security-ideas dept. | ||
http://www.infoworld.com/article/2988096/mac-os-x/sorry-unix-fans-os-x-el-capitan-kills-root.html
If you haven't heard, Apple has locked out root from various file system paths and core functions in Mac OS X 10.11 El Capitan. The new sheriff here is System Integrity Protection (SIP), which reduces root privileges in an attempt to increase security.
The gist is that no user -- not even root -- can write to /usr, /bin, /System, and /sbin or debug protected processes. Apple has also removed the ability to use unsigned kernel extensions through boot-time flags. It's important to note that SIP can be disabled, through the recovery partition, but this will typically be done only for development and testing purposes.
From a Unix purity perspective, this ain't great. There's a reason that root exists, and there's a reason why root has omnipotent access to the system. It's part of the Unix philosophy. That said, Mac OS X 10.11 may be Unix, but it's not a server. It may not even be a workstation in the traditional sense anymore. It's now a desktop OS exclusively, and treatments like this should be expected.
| Links |
printed from SoylentNews, New OSX Weakens Root Account on 2024-04-24 23:56:53