| ▲ | nl 3 hours ago | |||||||
Good point! But they argue that: > PT_DENY_ATTACH (ptrace constant 31): Invoked at process startup before any sensitive data is loaded. Instructs the macOS kernel to permanently deny all ptracerequests against this process, including from root. This blocks lldb, dtrace, and Instruments. > Hardened Runtime: The binary is code-signed with hardened runtime options and explicitly without the com.apple.security.get-task-allow entitlement. The kernel denies task_for_pid() and mach_vm_read()from any external process. > System Integrity Protection (SIP): Enforces both of the above at the kernel level. With SIP enabled, root cannot circumvent Hardened Runtime protections, load unsigned kernel extensions, or modify protected sys- tem binaries. Section 5.1 proves that SIP, once verified, is immutable for the process lifetime. gives them memory protection. To me that is surprising. | ||||||||
| ▲ | mirashii 37 minutes ago | parent | next [-] | |||||||
Looking at their paper at [1], there's a gaping hole: there's no actual way to verify the contents of the running binaries. The binary hash they include in their signatures is self-reported, and can be modified. That's simply game over. [1] https://github.com/Layr-Labs/d-inference/blob/master/papers/... | ||||||||
| ||||||||
| ▲ | dinobones 2 hours ago | parent | prev | next [-] | |||||||
Couldn't someone just uhh... patch their macOS/kernel, mock these things out, then behold, you can now access all the data? If it's not running fully end to end in some secure enclave, then it's always just a best effort thing. Good marketing though. | ||||||||
| ||||||||
| ▲ | saagarjha an hour ago | parent | prev | next [-] | |||||||
They quite frankly have no idea what they are talking about. | ||||||||
| ▲ | ramoz 3 hours ago | parent | prev [-] | |||||||
I'm not arguing anything. This is how it works. There is no but. Protection here is conditional, best-effort. There are no true guarantees, nor actual verifiability. | ||||||||