翻訳と辞書 |
System Integrity Protection : ウィキペディア英語版 | System Integrity Protection
System Integrity Protection (SIP, sometimes referred to as rootless) is a security feature of , the operating system by Apple Inc. It protects certain system processes, files and folders from being modified or tampered with by other processes even when executed by the root user or by a user with root privileges (sudo). Apple says that the root user can be a significant risk factor to the system's security, especially on systems with a single user account on which that user is also the administrator. System Integrity Protection is enabled by default, but can be disabled. ==Overview== Apple says that System Integrity Protection is a necessary step to ensure a high level of security. In one of the WWDC developer sessions, Apple engineer Pierre-Olivier Martel described unrestricted root access as one of the remaining weaknesses of the system, saying that "() piece of malware is one password or vulnerability away from taking full control of the device". He stated that most installations of have only one user account that necessarily carries administrative credentials with it, which means that most users can grant root access to any program that asks for it. Whenever a user on such a system is prompted and enters their account password – which Martel says is often weak or non-existent – the security of the entire system is potentially compromised.〔 Restricting the power of root is not unprecedented on . For instance, versions of Mac OS X prior to Leopard enforce of securelevel, a security feature that originates in BSD and its derivatives upon which is partially based.
抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「System Integrity Protection」の詳細全文を読む
スポンサード リンク
翻訳と辞書 : 翻訳のためのインターネットリソース |
Copyright(C) kotoba.ne.jp 1997-2016. All Rights Reserved.
|
|