[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] El Capitan and Sandbox


I instinctively recoil at circumventing security features on this
machine, but you have a point; I will mull on it.

BTW, this error comes from procd trying to call task_for_pid which is
now heavily regulated.


On Thu, Jun 23, 2016 at 3:44 PM, Rich Pieri <ratinox@xxxxxxx> wrote:
> On 6/23/16 3:21 PM, Kolja Kauder wrote:
>> Since the machine is a visible server, that won't be a secure
>> long-term solution. It would however allow me to edit the Sandbox
> I fail to see how this follows. SIP offers no protection against remote
> attacks and essentially no local protection given how easy it is to
> exploit privileged binaries.
>> settings. Do I guess correctly that I only need to add a file called
>> condor_procd.sb containing
>> (allow mach-priv-task-port
>>        (*) )
>> ? (I didn't expect to ever use LISP outside .emacs :)
> My understanding is that changes to protected areas will be undone when
> you enable SIP. There may be ways around this but you'll have to go
> digging into the csrutil man pages to find them.
> --
> Rich Pieri <ratinox@xxxxxxx>
> MIT Laboratory for Nuclear Science
> _______________________________________________
> HTCondor-users mailing list
> To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
> The archives can be found at:
> https://lists.cs.wisc.edu/archive/htcondor-users/

Kolja Kauder, Ph.D.
Post-Doctoral Research Fellow,
Physics Dept., Wayne State University