macq via X11-users <[email protected]> writes:
> Thanks!
> On 9/11/20, 6:15 PM, "Jamie Kennea" <[email protected]> wrote:
>> Open up the “Security and Privacy” Pane in System Preferences, go to “Full 
>> Disk Access” and add /bin/bash to that list. Doesn’t matter if you don’t use 
>> bash as your shell.

Another option in the "big hammer" department is to turn off SIP [1].
I've never personally had to fool with Full Disk Access settings, which
is likely because I have to turn off SIP because it breaks basic software
testing use-cases [2].

<rant>

It'd be nice if Apple paid more attention to making their security
features actually usable by power users.  Disabling SIP is not cool from
a security perspective, and neither is granting FDA on a scope as wide
as /bin/bash, because either thing basically means you're handing the
keys to the kingdom to any hacker who manages to get a toehold in your
machine.  But if you can't do what you bought the machine for without
turning off these security features, then you're stuck.

I think SIP is quite comparable to SELinux in the Linux world.  The
difference is that Red Hat spent *years* tuning the SELinux policies
to the point where you could actually enable it on production or
development machines and not have stuff fall over on a regular basis.
(I know, I was there.)  Apple's approach to SIP, on the other hand,
seems to be "what we shipped on day one is perfect, if it doesn't
work for you it's your problem".

</rant>

                        regards, tom lane

[1] https://www.howtogeek.com/230424/how-to-disable-system-integrity-protection-on-a-mac-and-why-you-shouldnt/
[2] https://www.postgresql.org/message-id/flat/18012hGLG6HJ9pQDkHAMYuwQKg%40sparkpost.com