Mailing List Archives
Public Access
|
|
![[Computer Systems Lab]](https://www-auth.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [HTCondor-users] El Capitan and Sandbox
- Date: Thu, 23 Jun 2016 16:43:59 -0400
- From: Kolja Kauder <kkauder@xxxxxxxxx>
- Subject: Re: [HTCondor-users] El Capitan and Sandbox
Rich,
I instinctively recoil at circumventing security features on this
machine, but you have a point; I will mull on it.
BTW, this error comes from procd trying to call task_for_pid which is
now heavily regulated.
Thanks,
Kolja
On Thu, Jun 23, 2016 at 3:44 PM, Rich Pieri <ratinox@xxxxxxx> wrote:
> On 6/23/16 3:21 PM, Kolja Kauder wrote:
>> Since the machine is a visible server, that won't be a secure
>> long-term solution. It would however allow me to edit the Sandbox
>
> I fail to see how this follows. SIP offers no protection against remote
> attacks and essentially no local protection given how easy it is to
> exploit privileged binaries.
>
>> settings. Do I guess correctly that I only need to add a file called
>> condor_procd.sb containing
>> (allow mach-priv-task-port
>> (*) )
>> ? (I didn't expect to ever use LISP outside .emacs :)
>
> My understanding is that changes to protected areas will be undone when
> you enable SIP. There may be ways around this but you'll have to go
> digging into the csrutil man pages to find them.
>
> --
> Rich Pieri <ratinox@xxxxxxx>
> MIT Laboratory for Nuclear Science
> _______________________________________________
> HTCondor-users mailing list
> To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
>
> The archives can be found at:
> https://lists.cs.wisc.edu/archive/htcondor-users/
--
________________________
Kolja Kauder, Ph.D.
Post-Doctoral Research Fellow,
Physics Dept., Wayne State University
________________________