Is it safe to turn off 'System Integrity Protection' to get TotalFinder to run on El Cap?

Discussion in 'OS X El Capitan (10.11)' started by peanutismint, Aug 29, 2015.

  1. peanutismint macrumors 6502

    peanutismint

    Joined:
    Apr 4, 2007
    Location:
    Cardiff, UK
    #1
    TotalFinder is one of the many Mac apps I can't live without. It simply makes my Mac experience better, adding split-window browsing, 'folders on top' file view and the all-important 'cut' command to OS X.

    As of El Cap beta, it no longer works, but I've been told it will work if I turn off 'System Integrity Protection' in safe mode....

    Does anybody know what this feature does (apart from breaking many useful apps like TotalFinder!)? Is it meant to protect against malicious viruses etc or is it just to stop people from messing with (read: 'making better'!) the OS X system core?

    The suggestion can be found on this page: http://blog.binaryage.com/el-capitan-update/
     
  2. leman macrumors 604

    Joined:
    Oct 14, 2008
    #2
    The SIP feature protects the core system files from non-authorised modifications. Apps like TotalFinder basically inject code into Apple's stock applications, this is why SIP breaks them. Technically, there is a good chance that they will still work once the TotalFinder developers fix their code (other add-on apps like MailTags and xtraFinder seem to have a working beta for 10.11). You can of course turn SIP off, but you might be compromising your system for future vulnerabilities or introducing potential stability issues.

    As far as my personal opinion goes, I believe that developers of TotalFinder should invest their time into making a standalone file browsing app rather than hacking around in Finder's code. Its messy, its ugly and it can produce hard to detect bugs. For a properly designed modern OS X application, SIP is not a problem. Apple offers plenty of tools to do (almost) whatever you want, but they ask you to play safe. Which, I think, is ultimately in the interest of the user.
     
  3. peanutismint thread starter macrumors 6502

    peanutismint

    Joined:
    Apr 4, 2007
    Location:
    Cardiff, UK
    #3
    Ok cool, thanks for the info on SIP.

    I think from the sounds of their website the team have got sick of Apple blocking their apps and have decided to abandon TotalFinder which is a shame, so I'm not holding my breath for an update...! I understand this may well be the way of many of these kind of apps now as Apple lock down their systems more, but I've had few problems with TotalFinder in the past so I'll give it a try.

    UPDATE: Or, alternatively, I've heard XtraFinder might still work (which does a lot of the same things that I'm looking for...)
     
  4. leman macrumors 604

    Joined:
    Oct 14, 2008
    #4
    I jus want to make it clear that Apple is not blocking their apps. Rather, they are abusing the undocumented and unsupported features of the OS to modify a stock application. So please don't blame this one on Apple. They never supported it and they always were very clear that the developers should not use undocumented features. If anything, you should be angry at the developer who is selling software which is known from the start to be volatile.
     
  5. subsonix macrumors 68040

    Joined:
    Feb 2, 2008
    #5
    As you mention, El Capitain is still in beta, a safer thing is to wait until it's not in beta and let Total Finder resolve the issue on their end. Don't run a beta version of the OS if you depend on it for your day to day activities.
     
  6. fisherking macrumors 603

    fisherking

    Joined:
    Jul 16, 2010
    Location:
    ny somewhere
    #6
    bartender has a good process: turn off SIP, install bartender, reboot, turn SIP back on. works...
     
  7. peanutismint thread starter macrumors 6502

    peanutismint

    Joined:
    Apr 4, 2007
    Location:
    Cardiff, UK
    #7
    I'm perfectly aware of who the 'bad guys' are in this situation, but the truth is those 'bad guys' added functionality to the system that, really, a company who I've given a large amount of money to over the years should really have had included in the first place. Also, let's not pretend that what these people enabled was some sort of evil sin; you say volatile but I hardly experienced any untoward or negative effects when using their software. Of course, YMMV...
     
  8. peanutismint thread starter macrumors 6502

    peanutismint

    Joined:
    Apr 4, 2007
    Location:
    Cardiff, UK
    #8
    I use Bartender as well so this is a good tip, thanks!
     
  9. peanutismint thread starter macrumors 6502

    peanutismint

    Joined:
    Apr 4, 2007
    Location:
    Cardiff, UK
    #9
    I wish I'd never updated. I didn't need to. It was an impulse decision!
     
  10. leman macrumors 604

    Joined:
    Oct 14, 2008
    #10
    With volatile I meant 'potentially broken after any minor OS upgrade', sorry if thats a bad choice of a verb (english is not my main language).
     
  11. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #11
    One necessarily includes the other, System Integrity Protection doesn’t distinguish between good and bad modifications. As Apple said in one of the developer sessions: system security is all about layers. This is yet another layer that is supposed to catch malicious programs that root fails to prevent from running. You are perfectly free to decide which protection layers you need and which ones you find unnecessary. Just as you can disable Gatekeeper to prevent unsigned applications from being run the first time, you can disable System Integrity Protection to protect your system against malware or exploits that root fails to protect you against.

    Is there a potential risk? Yes, of course. The questions are how big is that risk and do you think it is worth it. There is no right or wrong answer to this question. If you think that root protects you adequately, just as it has for many years, there is no inherent need to apply System Integrity Protection.
     
  12. w0lf macrumors 65816

    w0lf

    Joined:
    Feb 16, 2013
    Location:
    USA
    #12
    To answer the title, you'll be as safe as you were pre-El Capitan if you turn off SIP. So if you weren't worried then you probably don't need to be worried now with it off.

    Tweaks that require injection to system apps can be installed in /System with SIP off and will then work with SIP turned back on (at least for the time being). That's what Bartender is doing and what I've done with cDock.
     
  13. Zorn macrumors 6502a

    Zorn

    Joined:
    Feb 14, 2006
    Location:
    Ohio
    #13
    I pretty much was about to post this exact same thing; well said.
     

Share This Page