Being administrator no longer dangerous?

Discussion in 'OS X El Capitan (10.11)' started by comics addict, Sep 20, 2015.

  1. comics addict macrumors 6502a

    Joined:
    Feb 16, 2013
    #1
    With the new System Integrity Protection in OS X 10.11, does it no longer make sense not to run as an administrator for day-to-day use, as is common safe computing practice? OS X malware is comparatively rare when compared to Windows, but I'm of the kind that would rather be safe than sorry. I don't use an antivirus program but do have separate accounts for my Mac even though I'm the only user: one an administrator user and another standard one for typical use. I would really appreciate someone more knowledgeable than me explaining in more detail what SIP actually does in El Capitan.
     
  2. KALLT, Sep 20, 2015
    Last edited: Sep 20, 2015

    KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #2
    Check out the Wikipedia article; it is a short summary. In a nutshell: System Integrity Protection adds a new restricted flag to files and folders on the system that prevents even root from writing to them. Apple has added it to /System, /bin and /sbin as well as several stock applications, among other things. This means that root can no longer modify system files and common Apple applications are protected from code injection and runtime attachment.

    If that is the risk you are worried about then SIP mitigates or potentially eliminates this. However, root does still exist beyond SIP and it will prevent write operations to common files on your system that surpass regular user access. Even though malware can probably not infect your core system anymore, it can still wreak havoc in your local library.

    If you are already used to having two accounts and not using sudo, then I recommend you uphold that practice. SIP is just an additional protection layer, but there is no guarantee that it is impenetrable. Regular users don’t need sudo.

    It also occurred to me the other day that SIP can be disabled easily by anyone who has access to your Mac (unless you have a firmware password). All it takes is a boot into Recovery and a simple Terminal command. If you are not aware that SIP has been turned off, you will be vulnerable.
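
Added example, not part of the original post: a small check that reports whether SIP is still on and whether /System, /bin and /sbin still carry the restricted flag, so a silent disable does not go unnoticed. The function names are hypothetical, and the status strings it matches are assumed from what `csrutil status` prints on 10.11.

```shell
#!/bin/sh
# Added example: audit SIP state (function names are hypothetical).

# Classify `csrutil status` output read from stdin.
# Assumed output format: "System Integrity Protection status: enabled."
sip_state() {
    out=$(cat)
    case "$out" in
        *"Protection status: enabled (Custom Configuration)"*) echo custom ;;
        *"Protection status: enabled"*)                        echo enabled ;;
        *"Protection status: disabled"*)                       echo disabled ;;
        *)                                                     echo unknown ;;
    esac
}

# Succeed if one line of `ls -ldO` output lists the "restricted" file flag.
# The flags are the 5th column, comma-separated, or "-" when none are set.
has_restricted_flag() {
    flags=$(printf '%s\n' "$1" | awk '{print $5}')
    case ",$flags," in
        *,restricted,*) return 0 ;;
        *)              return 1 ;;
    esac
}

if command -v csrutil >/dev/null 2>&1; then
    # On a Mac: query the live system.
    state=$(csrutil status | sip_state)
    echo "SIP: $state"
    for p in /System /bin /sbin; do
        if has_restricted_flag "$(ls -ldO "$p")"; then
            echo "$p: restricted"
        else
            echo "$p: NOT restricted"
        fi
    done
    [ "$state" = enabled ] || echo "WARNING: SIP is not fully enabled" >&2
else
    # Elsewhere: run the parser over a constructed sample line instead.
    printf 'System Integrity Protection status: disabled.\n' | sip_state
fi
```

Anything other than `enabled` here is worth investigating if you did not change the setting yourself.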
     
  3. Toutou macrumors 6502a

    Joined:
    Jan 6, 2015
    Location:
    Prague, Czech Republic
    #3
    Being an administrator has never really been dangerous. An admin account in OS X is an account that can REQUEST root access, it's not THE root almighty. SIP is just an additional layer of protection against people who like to mess with sudo too much and enter their root passwords without thinking.
     
  4. comics addict thread starter macrumors 6502a

    Joined:
    Feb 16, 2013
    #4
    Thanks for clarifying, guys. I guess for my case it doesn't seem to harden my computer any more than I currently have it set up. It's simply another (rather important, mind you) layer of security in addition to OS X.
     
  5. Shirasaki macrumors 603

    Joined:
    May 16, 2015
    #5
    Alternatively, you can use
    sudo passwd root
    to set up a separate password for root user, rather than your administrator password.

    Therefore, a much better system level protection could be:
    Firmware password.
    User login COMPLEX password.
    Root unique COMPLEX password.
    Administrator unique COMPLEX password.
    Plus you may need to change those passwords regularly (a year or shorter).
    ;)
     
  6. comics addict thread starter macrumors 6502a

    Joined:
    Feb 16, 2013
    #6
    Thanks but no thanks. :p I am a security-conscious user but I don't need that much hardening lol. Thanks for the tips though.
     
  7. Shirasaki macrumors 603

    Joined:
    May 16, 2015
    #7
    Yeah. Even though I have such sense, I would rather set up a complex enough password for admin, and a unique password for root, and change it regularly, and open SIP, and no more. ;)
     
  8. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #8
    The root user is not enabled by default on OS X. You’d need elevated privileges to enable it. I don’t see a particular reason why you would change the root password in this case. When the administrator account is compromised then the damage is already done. System Integrity Protection will protect the core system either way.
     
  9. Shirasaki macrumors 603

    Joined:
    May 16, 2015
    #9
    Oh, so you mean attackers can use a single administrator account to do anything they want to do, under Mac OS X?
     
  10. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #10
    Well, yes. That’s the point of elevating privileges using sudo. You are basically usurping the root account itself for the execution of the commands. That’s why people recommend using two separate accounts, one being a regular user, and only entering the administrator credentials when it is absolutely necessary. When you are running OS X on a single account and your password is compromised, malicious software can bypass security. That’s the whole point of System Integrity Protection: it is the equivalent of saying that root itself can no longer be trusted and shouldn’t be capable of modifying core system files.
     