Re: [HTCondor-users] El Capitan and Sandbox
- Date: Thu, 23 Jun 2016 16:43:59 -0400
- From: Kolja Kauder <kkauder@xxxxxxxxx>
- Subject: Re: [HTCondor-users] El Capitan and Sandbox
I instinctively recoil at circumventing security features on this
machine, but you have a point; I will mull on it.
BTW, this error comes from procd trying to call task_for_pid which is
now heavily regulated.
On Thu, Jun 23, 2016 at 3:44 PM, Rich Pieri <ratinox@xxxxxxx> wrote:
> On 6/23/16 3:21 PM, Kolja Kauder wrote:
>> Since the machine is a visible server, that won't be a secure
>> long-term solution. It would however allow me to edit the Sandbox
> I fail to see how this follows. SIP offers no protection against remote
> attacks and essentially no local protection given how easy it is to
> exploit privileged binaries.
>> settings. Do I guess correctly that I only need to add a file called
>> condor_procd.sb containing
>> (allow mach-priv-task-port
>> (*) )
>> ? (I didn't expect to ever use LISP outside .emacs :)
> My understanding is that changes to protected areas will be undone when
> you enable SIP. There may be ways around this but you'll have to go
> digging into the csrutil man pages to find them.
> Rich Pieri <ratinox@xxxxxxx>
> MIT Laboratory for Nuclear Science
Kolja Kauder, Ph.D.
Post-Doctoral Research Fellow,
Physics Dept., Wayne State University