undefined | Better HN

0 pointsdigitalsushi2y ago0 comments

I want that feature on cause I dont want stuff I dont know about looking and changing stuff I dont know about, whether it's running with escalated privileges or not

0 comments

diogenes42y ago

I doubt you (or any human) is capable of enumerating what you don't want looked at. Frankly, I doubt most of this unknown area is covered by SIP at all, and it would be extremely odd if it did. Perhaps you might consider arguing for actual permissions rather than arbitrarily walling off the OS in a way that tangentially benefits the monopoly Apple holds over their own computers.

Wouldn't it be far easier to enumerate what you want an app to access?

jmbwell2y ago

SIP means not messing with the system files, enumerated thusly: /System.

Enumerating what I do want an app to access is handled by Gatekeeper.

diogenes42y ago

> SIP means not messing with the system files, enumerated thusly: /System.

...and all its children, which is effectively the entire operating system

> Enumerating what I do want an app to access is handled by Gatekeeper.

Gatekeeper is not capable of this.

1 more reply

saagarjha2y ago

It's actually a larger list available in /System/Library/Sandbox/rootless.conf

rakoo2y ago

Why would it be running with escalated privileges if you don't know what it is ?

dkonofalski2y ago

I feel like you're assuming that applications have to be honest about what they are when they request a user-prompted permission. SIP makes that irrelevant.

rakoo2y ago

No, I'm assuming that you know what you install and that apps run with the same rights your user has. Your user can't touch /System, so shouldn't the app

j / k navigate · click thread line to collapse

0 comments

diogenes42y ago

Wouldn't it be far easier to enumerate what you want an app to access?

jmbwell2y ago

SIP means not messing with the system files, enumerated thusly: /System.

Enumerating what I do want an app to access is handled by Gatekeeper.

diogenes42y ago

> SIP means not messing with the system files, enumerated thusly: /System.

...and all its children, which is effectively the entire operating system

> Enumerating what I do want an app to access is handled by Gatekeeper.

Gatekeeper is not capable of this.

1 more reply

saagarjha2y ago

It's actually a larger list available in /System/Library/Sandbox/rootless.conf

rakoo2y ago

Why would it be running with escalated privileges if you don't know what it is ?

dkonofalski2y ago

I feel like you're assuming that applications have to be honest about what they are when they request a user-prompted permission. SIP makes that irrelevant.

rakoo2y ago

No, I'm assuming that you know what you install and that apps run with the same rights your user has. Your user can't touch /System, so shouldn't the app

j / k navigate · click thread line to collapse