1183 points robenkleene | 1 comments
Wowfunhappy ◴[] No.24839553[source]
I wonder if it would make sense for Little Snitch to continue supporting their kext-based solution in parallel to the new one, possibly only for users who are willing to disable SIP.

You might argue that disabling SIP for a security product defeats the point, but I'm not sure if that's necessarily true. SIP effectively delegates trust away from the user and towards Apple, which is fine as a default—but the calculus may be different for experienced users, like the ones who use Little Snitch.

replies(1): >>24841142 #
novok ◴[] No.24841142[source]
Eventually I don't think Little Snitch will even have APIs to access stuff like that in the kernel as a kext as macOS updates continue on.
replies(1): >>24841283 #
Wowfunhappy ◴[] No.24841283[source]
Kexts are used by Apple internally, so I'd be shocked if they were removed from the OS completely. Third-party kexts may be deprecated, but as long as SIP can be disabled it will always be possible to load your own.
replies(2): >>24843118 #>>24845946 #
saagarjha ◴[] No.24845946[source]
Apple could stop allowing you to load kexts they don’t sign, like they do on iOS.
replies(1): >>24847261 #
sneak ◴[] No.24847261[source]
It’s my understanding (and I imagine yours is better than mine) that at least at present, the macOS kernel is open source, which would mean that unless they forked it, disabling firmware security and SIP would mean that you could replace it with a compatible one compiled from open sources that skips such a check.

They can, of course, remove that option a number of ways: closed source kernel, disable the disablement of boot security (such as on iOS), etc.

replies(2): >>24848014 #>>24852281 #
1. saagarjha ◴[] No.24852281[source]
The kernel is open source, but compiling it is non-trivial (over the years there's been a couple of hardcore people from the Hackintosh or jailbreaking community who do it, and sometimes Apple engineers write guides from time to time). But if they really wanted to stop this kind of thing they could go the iOS route and make it impossible to load that kernel.