Sure. Intentional. That's why many of us received our machines with SIP turned on - Apple isn't out to get *us*, just the rest of you.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
System Integrity Protection Inexplicably Disabled by Default on Some New MacBook Pro Models
- Thread starter MacRumors
- Start date
- Sort by reaction score
Sure. Intentional. That's why many of us received our machines with SIP turned on - Apple isn't out to get *us*, just the rest of you.
SIP is an annoying 'feature' at best - especially if you do a lot of partition creation, deployment and EFI work.
We managed to not destroy the root file system for over a decade of macOS but now people flip out at the idea of SIP being turned off.
We managed to not destroy the root file system for over a decade of macOS but now people flip out at the idea of SIP being turned off.
All these glitches are surely annoying but to be fair, every new OS is becoming incrementally more complex to a mind-numbing level, and conflicts or little oversights are just that much more likely to happen in the first couple of releases.
The good thing is that Apple usually moves relatively swiftly to correct the most onerous of these flaws.
Last edited:
That would be Jobs actually. If you didn't get the particular shape, color, size, whatever wrong, good luck.
Tim is just standing up for LGBT, lost kittens and whatnot.
Thank goodness. Someone needs to.
Quality control is fine - all these newbies think everything was roses and kittens in the old days with apple products.
I disabled in my 2013 MBA when I found that CS6 runs smoother and less glitchy with it off. It's unecessary if you are careful with what you install and don't have background services running.
Apples judgement has been questionable at best the last few years so I chock it up to that. SIP in El Crapistain, the iTard 7 and now the Donglebook Pro to name just a few--old, out-of-touch elitists with poor judgement.
Apples judgement has been questionable at best the last few years so I chock it up to that. SIP in El Crapistain, the iTard 7 and now the Donglebook Pro to name just a few--old, out-of-touch elitists with poor judgement.
It prevents critical system files from being modified, even if you have root access. Prevents a bug that allows privilege escalation from being used to hack your system, in theory.
I think their quality and service are better than they have ever been. For most people this would be fixed in an update
Thanks!
How comes it is disabled? Could an installer do this? My machine is in heavy use for 4 years now, and has quite a history with exotic hardware…
I checked your post history. In your last 20 comments, I found 1 single positive posting where you kinda-sorta help someone. The rest is filled with complaints.
[doublepost=1479458162][/doublepost]
That's not a good idea. It doesn't get security updates anymore, as far as I know. If I were you, I'd at least switch browser to Firefox or Chrome so that base is covered.
SIP is just really annoying for power users.
I understand the protection it provides. But having to reboot and deactivate it in terminal and then reactivate it again every time I wanted to change a system file is super annoying.
There should be some way to do this without rebooting. Similar security measures on other OSes like SELinux, AppArmor etc also offer ways to do this.
I'm a bit worried that Apple's plan is to have this setting blocked altogether in future versions, making the Mac similar to an iOS in the sense that the system files are completely out of bounds for the user. That would be unacceptable to me.
My Mac Mini is still my daily driver but I find myself using Linux more and more, Apple is really forgetting about the power users.
I understand the protection it provides. But having to reboot and deactivate it in terminal and then reactivate it again every time I wanted to change a system file is super annoying.
There should be some way to do this without rebooting. Similar security measures on other OSes like SELinux, AppArmor etc also offer ways to do this.
I'm a bit worried that Apple's plan is to have this setting blocked altogether in future versions, making the Mac similar to an iOS in the sense that the system files are completely out of bounds for the user. That would be unacceptable to me.
My Mac Mini is still my daily driver but I find myself using Linux more and more, Apple is really forgetting about the power users.
It is more annoying to ‘prutsers’ than anyone else. I consider myself to be a ‘power user’ and I found no reason to disable SIP at all, not even temporarily. What is that you cannot do anymore?
System programs and pre-installed programs still have the same permissions. SIP merely prevents unauthorised processes, including yourself, from changing these permissions. A system program that runs with root privileges is still susceptible to privilege escalations to the extent that it has access. To stop system programs from being affected by SIP, Apple has given itself a private entitlement to code-sign programs so that they can work unimpeded. It has applied this to some of its own programs and these are not affected by SIP. SIP is really just a way for Apple to claim control over system directories and prevent anyone else from changing things at runtime.
Its a bug that will be fixed as soon as the NSA or Chinese government have the info they want this month. Next month the bug will show up again.
[doublepost=1479475593][/doublepost]
Just another nail in the coffin. I am in the same situation. Wanted to replace several Macs this year, but being a power user, it does not make sense to use Apple hardware any more. Apple today is all about Apple's control, not the users freedom.
[doublepost=1479475593][/doublepost]
Just another nail in the coffin. I am in the same situation. Wanted to replace several Macs this year, but being a power user, it does not make sense to use Apple hardware any more. Apple today is all about Apple's control, not the users freedom.
hold command + C for courage mode
I work in IT support and you would be amazed at how many people still don't know this.
I don't believe so. My 13" Touchbar model came with macOS 10.12.1 build 16B2657, which is the same as other models got.
now thats a nice feature.
just reset the PRAM, it will enable it. but I would not
[doublepost=1479483430][/doublepost]
el capitan works on the new tmbs? now thats a shocker.
just reset the PRAM, it will enable it. but I would not
[doublepost=1479483430][/doublepost]
el capitan works on the new tmbs? now thats a shocker.
It doesn't, but that's ok with me. I refuse to use anything newer. Fwiw,
- rarely download apps
- all incoming connections blocked with ALF and Murus
- all non-essential outgoing connections are blocked with Radio Silence
- extensive domain blocking with hosts file and Gas Mask
- RansomWhere? keeps watch of encryption processes
- Chrome and SSL Enforcer for high-profile stuff
Strange occurrence on my brand new 15" MBP. Have the Radeon Pro 460 upgrade. In 'About This Mac,' it showed the Radio Pro 460 with 4 GB and Intel (appropriately). Saw this article on the SIP. Check my system and SIP was disabled. Booted into Recover mode and enabled SIP. Rebooted. SIP now reports it's enabled BUT About This Mac now doesn't report the presence of the Radeon card and only says: Intel HD Graphics 530 1536 MB. Can anyone think of a reason these would be connected?
I can add now that Adobe Illustrator reports finding and using the Radeon with appropriate report of memory (greater than 3 GB).
I can add now that Adobe Illustrator reports finding and using the Radeon with appropriate report of memory (greater than 3 GB).
Last edited:
If there were, then that could be hacked, and it'd be moot. Make it a separate boot time option is part of the protection. Don't get me wrong - it's like containers on mobiles. It'd provide some protection, but it's also a false sense of security.
[doublepost=1479509699][/doublepost]
The #1 best defense is a fully patched system. Skipping that is like making sure your belt is tight so your pants don't fall down, but not noticing that you blew out the seat in your jeans.
I just finished reinstalling macOS Sierra on my new 2016 MBP with TouchBar BTO 512SSD which came from the factory with SIP disabled. I can confirm that reinstalling the OS (build 16B2659) from the restore partition also has SIP disabled. So in summary: HUGE WASTE OF TIME