SIP is another system that exists besides POSIX and the root user. With SIP enabled, let me demonstrate:
```
chris@chriscomp /usr/bin # sudo su root
root@chriscomp /usr/bin # touch testo
touch: testo: Operation not permitted
```
The possibility of privilege escalation vulns, like this one, exactly demonstrates the value of SIP! If someone escalates to root they can still do a lot of damage, but they can't do things like install a deep rootkit/kernel extension to silently snoop on you forever.
SIP also protects other things like your Apple Messages DB located at `~/Library/Messages/chat.db`. Even the root user, if running from a non-privileged origin process, can't read that file:
```
root@chriscomp / # cat /Users/chris/Library/Messages/chat.db
cat: /Users/chris/Library/Messages/chat.db: Operation not permitted
```
Granting an application/terminal the special Developer permission allows reading it though.