If there were a simple checkbox in the OS to disable SIP, I would expect zillion... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

Someone on June 5, 2019 | parent | context | favorite | on: Use zsh as the default shell on your Mac

If there were a simple checkbox in the OS to disable SIP, I would expect zillions of ‘nice’ add-ons would ship with instructions on how to disable it.

I also expect zillions of helpful nieces/nephews would flip that checkbox for their uncles/aunts, and, accidentally or on purpose, leave it that way.

Even if that isn’t true, making it harder for malware to flip that flag already is a rational reason to implement it this way.

Wowfunhappy on June 7, 2019 [–]

I have zero issues with how SIP is currently implemented. It's just hard enough to turn off to protect people, without being overly annoying.

I do worry very much about SIP becoming impossible to disable some day. Don't ban knives because people might cut themselves.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact