Iwasawa π (one hikari of too many)
(replying to Iwasawa π (one hikari of too many))
tbh if i was making the default config for a server os i would disable /proc/xxx/mem. if you have rce but no privilege escalation there'd be lots of fun you could have with it otherwise
1 replies β
1 replies
Saagar Jha
(replying to Iwasawa π (one hikari of too many))
@hikari task_for_pid is actually kind of a good security model donβt @ me
Iwasawa π (one hikari of too many)
(replying to Saagar Jha)
@saagar i agree, i have some complaints but overall i think βsystem integrity protectionβ and related things are quite well-designed
Saagar Jha
(replying to Iwasawa π (one hikari of too many))
@hikari If Apple ships AMFI Trusted Keys I will go back and like this
Iwasawa π (one hikari of too many)
(replying to Saagar Jha)
@saagar could you tell me more about what the hell that is
2 replies β
2 replies
Saagar Jha
(replying to Iwasawa π (one hikari of too many))
@hikari Image if you could be the root of trust on your machine
Skip R. :ms_two_male_symbols:
(replying to Saagar Jha)
Skip R. :ms_two_male_symbols:
(replying to Iwasawa π (one hikari of too many))
@hikari @saagar at risk of dunning-krugering too hard i think what Saagar is trying to get at is that because SIP is the first line of defense in a lot of ways your two choices are "be able to snoop on platform binaries/poke around, but your security posture is utterly fucked" and "literally can't do anything interesting"
Saagar Jha
(replying to Skip R. :ms_two_male_symbols:)
Skip R. :ms_two_male_symbols:
(replying to Saagar Jha)
Saagar Jha
(replying to Skip R. :ms_two_male_symbols:)
2 replies β
2 replies
Skip R. :ms_two_male_symbols:
(replying to Saagar Jha)
Iwasawa π (one hikari of too many)
(replying to Saagar Jha)
Iwasawa π (one hikari of too many)
(replying to Saagar Jha)