Mac OS X El Capitan System Integrity Protection systems Integrity Protection (SIP)

Source: Internet
Author: User

introduction: The previous time experienced the Xcode compiler code was injected into the event, this time  mac  os X el capitan system upgrade, enabling a higher security protection mechanism: System Integrity protection systems Integrity pro tection (SIP), is by Design? Or is it a coincidence?

for System Integrity Protection systems Integrity Protection (SIP), you canAppleDownload the website to study, from the 29th page to 54 pagesHttp:// ... y_and_your_apps.pdf

Key points:
1. Security policy applying to every process, including privileged code running unsandboxed
2, Extends additional protections to system, on disk, and at runtime
3. System binaries can only is modified by Apple Installer and software Update, and no longer permit runtime attachment or code injection

Apps that are actually downloaded from Mac AppStore are unaffected, and if not, may be affected, such as:
Modify system files, install files into system directory, observe system process memory, inject code into system process medium
The kernel will directly interrupt these destructive work, hahaha.
so for a system like/system/bin/usr/sbin, developers or applications cannot be used directly, and the use of ~/library/usr/local/Applications, after the upgrade, those files will be removed.

injecting code into the system process is equivalent to modifyingHDD, so various security checks are carried out to ensure secure and trustworthy, such as signature checks

the whole mechanism mainly starts from three aspects:
1. File system Protection (Filesystem protections)
2. Runtime protection (runtime protections)
3. Kernel Extended signature (Kernel extensions)

1, the new security policy mechanism applies to each process
2, by default, the system enables the SIP system integrity protection mechanism, whether for the hard disk or the runtime process
Restricting write operations to the system directory
Prevent attaching or injecting code into a system process at run time
3, third-party installed content must be moved into the system directory
4, the SIP system integrity protection mechanism can be changed in the recovery OS State, that is, the leeway ah haha

How do I disable the SIP system integrity protection mechanism?
1, restart the operating system;
2, hold command + R key;
3. Menu "Utility" ==>> "terminal" ==>> input csrutil Disable Enter
after successful execution, the following information is returned:
successfully disabled System Integrity Protection. Please restart the machine for the changes and take effect.
4. In this way, the changedConfigurationsave to NVRAM, take effect on entire machine, reboot

How do I view the SIP system integrity protection mechanism?
Command line terminal
$ csrutil Status
System Integrity Protection status:enabled.

$ csrutil clear/enable/disable can only be used in recovery mode

After you disable SIP, view the status information as follows
$ csrutil Status
System Integrity Protection status:enabled (Custom Configuration).

Apple internal:disabled
Kext signing:disabled
Filesystem protections:disabled
Debugging Restrictions:disabled
DTrace restrictions:disabled
NVRAM protections:disabled

This is a unsupported configuration, likely to broke in the future, and leave your, a unknown state.

then remove the files that were previously upgraded from/library/systemMigration/history The corresponding move back to the original directory, the application is ready to use.

How do I recover an application that has been moved out?
such as mobility Client, enter the terminal, and switch to the root user, and then

MV mobilityclient//usr/libexec/

start Mobility Client again, no need to reinstall, it's so easy!

Mac OS X El Capitan System Integrity Protection systems Integrity Protection (SIP)

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.