Saagar Jha

(replying to Jeff Johnson)
@lapcatsoftware @joe I think Library Validation was introduced before SIP but not way back in 10.6

Saagar Jha

(replying to Saagar Jha)
@lapcatsoftware @joe To be clear, I am not saying that 10.10 was secure; I just don’t think the current state is exactly the same as what we had back then

Jeff Johnson

(replying to Saagar Jha)

@saagar @joe Library validation was introduced in 10.10. That’s the point, though: it’s independent of SIP.

The question is whether disabling SIP is worse than not having SIP, and I’m not sure that it is. You seem to blame SIP for the introduction of a root escalation, whereas I wonder whether it was preexisting.

Saagar Jha

(replying to Jeff Johnson)
@lapcatsoftware @joe It’s more nuanced than that. If there’s a security bug, and we assume Apple will get around to it someday, without SIP they would fix it in some other way. With SIP, that is the way they consider it fixed.

Jeff Johnson

(replying to Saagar Jha)

@saagar @joe "we assume Apple will get around to it someday"

I don't assume that. ;-)

In any case, it's merely hypothetical speculation. There's no real-world argument that disabling SIP is worse than pre-SIP without real-world examples of post-SIP bugs.

Also, Apple can be publicly pressured. Disabling SIP is supposed to be an outlet for "You can always choose to run any software on your system," which becomes a lie if Apple sabotages that.