
I had a debate with a friend about the security model in new OS X versions. OS X El Capitan and newer have the System Integrity Protection security feature which protects aspects of the OS even from root users.

My friend claimed that it's secure by design to the extent that a root user can't read protected files, for example files on the desktop. I find it hard to believe since the root user has so much power; there are probably ways to read any file, for example by reading the filesystem directly or via other means.

My question, which I searched for but didn't find an answer to, is: Can a root user in OS X read protected files, bypassing System Integrity Protection? Or is the design so good that there's no way to do that even for a root user?

Paul
  • Given the goals of SIP, Apple probably does its best to ensure root cannot bypass it. But as with all software, there will be vulnerabilities. – nobody Feb 12 '22 at 17:24
  • I don't mean CVEs and zero days, I mean by design. It's indeed impressive if by design, root is not able to read files on the desktop. – Paul Feb 12 '22 at 17:27
  • Well it seems like the whole point of SIP is to prevent even root from modifying certain parts of the system. It would make no sense to leave any way for root to bypass it by design. (I don't think SIP is for files on desktop though. From what I'm reading, SIP is intended to protect certain system resources only.) – nobody Feb 12 '22 at 17:37
  • Is SIP something similar to Linux's lockdown functionality? – forest Mar 14 '22 at 23:16

1 Answer


Your friend is wrong for two reasons.

First, as its name says, System Integrity Protection protects the integrity, not the confidentiality of the system. In other words, it prevents unauthorized modification but not unauthorized reading.

And second, it protects the integrity of the system, not the users. That is, it prevents unauthorized modification of specific critical system-owned files and directories, but the protection does not extend to files on a user's desktop.

Tilman Schmidt
  • To counter his argument, can you demonstrate how an administrator can read files from the desktop folder (or any other protected folder) with sudo? I didn't find a way, unless [I add permissions to the relevant app](https://i.imgur.com/TNWEO5k.png). – Paul Feb 12 '22 at 20:34
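The following is an added example, not code from the original question, answer or comments, that checks the answer's two claims on a real system: it classifies a path against the prefix list Apple documents as SIP-protected (`/System`, `/usr`, `/bin`, `/sbin`, `/var`, with `/usr/local`, `/Applications` and `/Library` left writable), reads the on-disk `restricted` flag (`SF_RESTRICTED` from macOS `<sys/stat.h>`, whose value `0x00080000` is assumed here because older Python `stat` modules do not export it), and then probes whether the caller can read and write the path. Run as root on macOS, a SIP-protected file comes back readable but not writable (`EPERM`), while a file under the caller's home is both. The default target paths and the `.sip-probe-` temp-file prefix are my choices, not something from the original post.

```python
"""Probe a path for SIP behaviour: root can read a protected file but cannot
write it, and files under a user's home are not covered by SIP at all.

Added example, not from the original post. Assumptions are noted inline.
"""
import errno
import os
import sys
import tempfile

# SF_RESTRICTED from macOS <sys/stat.h>: the "restricted" flag that `ls -lO`
# shows on SIP-protected paths. Assumed value; older Python `stat` modules do
# not export this constant.
SF_RESTRICTED = 0x00080000

# Prefixes Apple documents as SIP-protected, and the documented carve-outs that
# third-party installers may still write to. Pre-installed apps in
# /Applications are also protected, but only the on-disk flag can tell those
# apart, so this rule of thumb treats /Applications as unprotected.
PROTECTED_PREFIXES = ("/System", "/usr", "/bin", "/sbin", "/var")
WRITABLE_CARVEOUTS = ("/usr/local", "/Applications", "/Library")


def _under(path, prefix):
    """True if `path` is `prefix` itself or lies beneath it."""
    return path == prefix or path.startswith(prefix + "/")


def expected_sip_protected(path):
    """Rule of thumb from Apple's documented path list (no filesystem access).

    Normalises first so `/usr/local/../bin/ls` is judged as `/usr/bin/ls`.
    """
    p = os.path.normpath(path)
    if any(_under(p, c) for c in WRITABLE_CARVEOUTS):
        return False
    return any(_under(p, pfx) for pfx in PROTECTED_PREFIXES)


def has_restricted_flag(path):
    """Ground truth on macOS: is SF_RESTRICTED set on this inode?

    Returns None on platforms whose stat results carry no st_flags (Linux).
    """
    flags = getattr(os.lstat(path), "st_flags", None)
    if flags is None:
        return None
    return bool(flags & SF_RESTRICTED)


def probe(path):
    """Try to read, then to open for writing; report which step succeeded.

    Reading is a one-byte read (or a directory listing); writing is an
    append-mode open (or creating and removing a temp file in a directory),
    so a successful probe never alters the target's contents.
    """
    result = {"path": path, "readable": False, "writable": False, "error": None}
    try:
        if os.path.isdir(path):
            os.listdir(path)
        else:
            with open(path, "rb") as fh:
                fh.read(1)
        result["readable"] = True
    except OSError as e:
        result["error"] = errno.errorcode.get(e.errno, str(e.errno))
        return result
    try:
        if os.path.isdir(path):
            fd, tmp = tempfile.mkstemp(prefix=".sip-probe-", dir=path)
            os.close(fd)
            os.remove(tmp)
        else:
            fd = os.open(path, os.O_WRONLY | os.O_APPEND)  # no O_TRUNC
            os.close(fd)
        result["writable"] = True
    except OSError as e:
        result["error"] = errno.errorcode.get(e.errno, str(e.errno))
    return result


if __name__ == "__main__":
    # Defaults: one file SIP protects, one directory in the caller's home.
    targets = sys.argv[1:] or [
        "/System/Library/CoreServices/SystemVersion.plist",
        os.path.expanduser("~/Desktop"),
    ]
    for t in targets:
        print(t)
        print("  documented rule says protected:", expected_sip_protected(t))
        if os.path.exists(t):
            print("  restricted flag on disk:", has_restricted_flag(t))
            print("  probe:", probe(t))
```

Run it as `sudo python3 sip_probe.py` on a Mac with SIP enabled (`csrutil status`): the `SystemVersion.plist` probe reports `readable: True, writable: False, error: 'EPERM'`, which is exactly the integrity-only behaviour the answer describes. The `~/Desktop` case in the comment above is a different control: since macOS Mojave, TCC (the per-app privacy permissions in System Preferences) gates access to Desktop, Documents and Downloads, so Terminal needs Desktop or Full Disk Access before even a root shell launched from it can list the folder. That is the permission the comment's screenshot grants; SIP is not involved.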