System Integrity Protection (SIP), or Rootless mode, is a security feature of the OS X El Capitan operating system by Apple Inc. It protects certain system processes, files and folders from being modified or tampered with by other processes, even when they are executed by the root user or by a user with root privileges (sudo). The following are the key concepts of System Integrity Protection.
1. System Locations Cannot Be Written To - System files can be modified only by system processes signed with Apple’s code signing identity. App processes should instead write to locations designated for third-party developers.
The following directories can only be written to by the system:
System-Only Locations
● /bin
● /sbin
● /usr
● /System
In contrast, the following directories are available to any process:
Locations Available to Developers
● /usr/local
● /Applications
● [~]/Library
All directories in /usr except for /usr/local are restricted to the system. Apple app directories in /Applications are restricted to the system.
2. System Processes Cannot Be Attached To - System binaries can be modified only by Apple Installer and Software Update from Apple-provided packages, and no longer permit runtime attachment or code injection.
3. Kernel Extensions Must Be Signed - Kernel extensions must be signed with a Developer ID for Signing Kexts certificate.
Security configuration is stored in NVRAM rather than in the file system itself. As a result, this configuration applies to all installations of OS X across the entire machine and persists across OS X installations that support System Integrity Protection.
System Integrity Protection can be configured using the csrutil(1) command.
The following command checks the status of SIP on the system.
$ csrutil status
System Integrity Protection status: enabled.
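As an added example (not from the original article or from Apple), the shell functions below encode the directory lists given above, including the /usr/local exception, and interpret the `csrutil status` line just shown. The function names, the sample paths and the wording of the "disabled" status line are assumptions; the classifier works on the path string only, so it cannot tell Apple's own apps in /Applications from third-party ones.

```shell
#!/bin/sh
# Added example: encodes only the directory lists from the article above.

# sip_location_class PATH -> system-only | developer | unlisted | unresolved
sip_location_class() {
    # Collapse repeated slashes and drop a trailing one: "/usr//local/" -> "/usr/local".
    p=$(printf '%s\n' "$1" | sed -e 's|//*|/|g' -e 's|\(.\)/$|\1|')
    case "$p" in
        # ".." can climb out of the prefix being matched, so refuse to guess.
        */..|*/../*) echo "unresolved"; return 0 ;;
    esac
    case "$p" in
        # The /usr/local exception has to be tested before the broader /usr rule.
        /usr/local|/usr/local/*) echo "developer" ;;
        # Match whole path components: /bin and /bin/ls, but not /binaries.
        /bin|/bin/*|/sbin|/sbin/*|/usr|/usr/*|/System|/System/*) echo "system-only" ;;
        # Apple's own apps here are restricted too; a path alone cannot show that.
        /Applications|/Applications/*) echo "developer" ;;
        # "[~]/Library" in the article: both /Library and the user's ~/Library.
        /Library|/Library/*|"$HOME"/Library|"$HOME"/Library/*) echo "developer" ;;
        *) echo "unlisted" ;;
    esac
}

# sip_state TEXT -> enabled | disabled | unknown, from `csrutil status` output.
sip_state() {
    case "$1" in
        *"System Integrity Protection status: enabled"*) echo "enabled" ;;
        # Assumed to mirror the "enabled" line shown in the article.
        *"System Integrity Protection status: disabled"*) echo "disabled" ;;
        *) echo "unknown" ;;
    esac
}

# Constructed sample input: the status line from the article and made-up paths.
sample='System Integrity Protection status: enabled.'
echo "SIP: $(sip_state "$sample")"
for f in /usr/bin/ssh /usr/local/bin/tool /usr/localized /binaries/x \
         /System/Library/Extensions /usr/local/../bin/ls; do
    printf '%-30s %s\n' "$f" "$(sip_location_class "$f")"
done
```

On a Mac, pass the live output instead of the sample: `sip_state "$(csrutil status)"`.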
To enable or disable System Integrity Protection, you must boot to the Recovery partition and run the csrutil command from the Terminal.
1. Boot to Recovery OS by restarting your machine and holding down the Command and R keys at startup.
2. Launch Terminal from the Utilities menu.
3. Enter the following command:
$ csrutil disable
Note: After enabling or disabling System Integrity Protection on a machine, a reboot is required.