Introduction: Not long after the incident in which code was injected through the Xcode compiler, the Mac OS X El Capitan upgrade enables a stronger security mechanism: System Integrity Protection (SIP). Is that by design, or is it a coincidence?
To study System Integrity Protection (SIP), you can download the slides from Apple's website and read pages 29 to 54: http://devstreaming.apple.com/vi ... y_and_your_apps.pdf
Key points:
1. Security policy applying to every process, including privileged code running unsandboxed
2. Extends additional protections to system components, on disk and at runtime
3. System binaries can only be modified by Apple Installer and Software Update, and no longer permit runtime attachment or code injection
Apps downloaded from the Mac App Store are unaffected. Other apps may be affected if they do things such as:
modifying system files, installing files into system directories, inspecting the memory of system processes, or injecting code into system processes.
The kernel will directly block these destructive operations, hahaha.
So system locations such as /System, /bin, /usr and /sbin can no longer be used directly by developers or applications, which should use ~/Library, /usr/local and /Applications instead; after the upgrade, files found in the system locations are removed.
Injecting code into a system process is equivalent to modifying the hard disk, so various security checks, such as signature checks, are carried out to ensure the code is secure and trustworthy.
The whole mechanism works on three fronts:
1. File system protection (Filesystem protections)
2. Runtime protection (Runtime protections)
3. Kernel extension signing (Kernel extensions)
Summary:
1. The new security policy applies to every process
2. By default the system enables SIP, both for the hard disk and for running processes:
   it restricts write operations to the system directories
   it prevents attaching to or injecting code into a system process at run time
3. Third-party installed content must be moved out of the system directories
4. The SIP configuration can be changed from the Recovery OS, so there is some leeway, haha
How do I disable System Integrity Protection (SIP)?
1. Restart the operating system;
2. Hold down the Command + R keys;
3. From the menu choose "Utilities" ==>> "Terminal", type csrutil disable and press Enter.
After successful execution, the following information is returned:
Successfully disabled System Integrity Protection. Please restart the machine for the changes to take effect.
4. The changed configuration is saved to NVRAM and takes effect for the entire machine; reboot.
How do I check the SIP status?
In a command line terminal:
$ csrutil status
System Integrity Protection status: enabled.
Note that csrutil clear, csrutil enable and csrutil disable can only be used in recovery mode.
After you disable SIP, the status information looks as follows:
$ csrutil status
System Integrity Protection status: enabled (Custom Configuration).
Configuration:
    Apple Internal: disabled
    Kext Signing: disabled
    Filesystem Protections: disabled
    Debugging Restrictions: disabled
    DTrace Restrictions: disabled
    NVRAM Protections: disabled
This is an unsupported configuration, likely to break in the future and leave your machine in an unknown state.
With SIP disabled, move the files that the upgrade relocated to /Library/SystemMigration/History back to their original directories, and the application is ready to use.
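To check the SIP state from a script (for example, to find machines that were left with protections disabled), the csrutil status text shown above can be parsed. This is an added example, not part of the original post; the function name sip_audit, its messages and return codes, and the sample inputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag weakened SIP settings.
# sip_audit reads `csrutil status` text on stdin, prints one line per
# finding, and returns 0 only when SIP is fully enabled.
sip_audit() {
    local line status custom findings name
    status="" custom=0 findings=0
    while IFS= read -r line; do
        case "$line" in
            "System Integrity Protection status:"*)
                status=${line#*status:}
                status=${status#"${status%%[![:space:]]*}"}   # trim leading blanks
                case "$status" in *"(Custom Configuration)"*) custom=1 ;; esac
                status=${status%%[ .]*}                       # keep first word
                ;;
            *":disabled" | *": disabled")
                # Per-protection line, e.g. "Kext Signing: disabled"
                name=${line%%:*}
                name=${name#"${name%%[![:space:]]*}"}
                echo "WEAKENED: $name"
                findings=$((findings + 1))
                ;;
        esac
    done
    if [ -z "$status" ]; then
        echo "UNKNOWN: no status line found"; return 2
    elif [ "$status" != "enabled" ]; then
        echo "FAIL: SIP status is $status"; return 1
    elif [ "$custom" -eq 1 ] || [ "$findings" -gt 0 ]; then
        echo "FAIL: custom configuration, $findings protection(s) disabled"; return 1
    fi
    echo "OK: SIP fully enabled"
}

# Constructed sample inputs modelled on the two outputs shown in the post.
SAMPLE_ENABLED='System Integrity Protection status: enabled.'
SAMPLE_CUSTOM='System Integrity Protection status: enabled (Custom Configuration).
Configuration:
    Apple Internal: disabled
    Kext Signing: disabled
    Filesystem Protections: disabled
    Debugging Restrictions: disabled
    DTrace Restrictions: disabled
    NVRAM Protections: disabled'

printf '%s\n' "$SAMPLE_ENABLED" | sip_audit || true
printf '%s\n' "$SAMPLE_CUSTOM"  | sip_audit || true
# On a Mac, audit the live state with:  csrutil status | sip_audit
```

A non-zero return from sip_audit means the machine is not in the default, fully protected state and SIP should be re-enabled from recovery mode.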
How do I recover an application that has been moved out?
Taking Mobility Client as an example, open the terminal, switch to the root user, and then run:
su -
cd /Library/SystemMigration/History/Migration-*/QuarantineRoot/usr/libexec
mv mobilityclient /usr/libexec/
Start Mobility Client again; there is no need to reinstall. It's that easy!
Mac OS X El Capitan System Integrity Protection (SIP)