SIP
E906658
SIP is a macOS security technology that restricts system-level modifications to protect the operating system from malware and accidental damage.
Observed surface forms (1)
| Surface form | Occurrences |
|---|---|
| System Integrity Protection | 0 |
Statements (49)
| Predicate | Object |
|---|---|
| instanceOf | macOS security feature; operating system protection mechanism |
| abbreviation | SIP |
| affects | root user capabilities |
| canBeDisabled | true |
| configuration | enabled or disabled globally |
| configurationTool | csrutil |
| defaultState | enabled |
| designGoal | enforce integrity of system files and processes; limit damage from compromised root account |
| developer | Apple Inc. |
| disableMethod | using macOS Recovery environment |
| documentedIn | Apple Platform Security documentation |
| enforcementLevel | kernel level |
| feature | rootless security model |
| implementedWith | code signing enforcement; kernel-level checks; protected file system paths |
| introducedBy | Apple Inc. |
| introducedIn | OS X El Capitan |
| introducedInVersion | OS X 10.11 |
| operatingSystem | macOS |
| platform | Mac |
| protects | /System directory; /bin directory; /sbin directory; /usr (excluding /usr/local); certain system processes; kernel extensions loading process; pre-installed Apple applications |
| purpose | prevent accidental system damage; protect macOS from malware; restrict system-level modifications |
| relatedTo | FileVault; Gatekeeper; XProtect |
| requires | reboot to change state |
| restricts | debugging of protected system processes; injection of code into protected processes; loading of unsigned kernel extensions; modification of NVRAM from user space; modification of protected system files; runtime attachment to system processes |
| scope | Apple-signed system binaries; system-level components |
| securityModel | mandatory access control |
| targetUsers | all macOS users |
| threatModel | accidental modification of critical system files; malicious software with root privileges |
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.