
Re: [HTCondor-users] El Capitan and Sandbox



On 6/23/16 3:21 PM, Kolja Kauder wrote:
> Since the machine is a visible server, that won't be a secure
> long-term solution. It would however allow me to edit the Sandbox

I fail to see how this follows. SIP offers no protection against remote
attacks and essentially no local protection given how easy it is to
exploit privileged binaries.

> settings. Do I guess correctly that I only need to add a file called
> condor_procd.sb containing
> (allow mach-priv-task-port
>        (*) )
> ? (I didn't expect to ever use LISP outside .emacs :)

My understanding is that changes to protected areas will be undone when
you enable SIP. There may be ways around this but you'll have to go
digging into the csrutil man pages to find them.

-- 
Rich Pieri <ratinox@xxxxxxx>
MIT Laboratory for Nuclear Science