
SIP relies on entitlements, which rely on code signing. I'm not sure code signing is at all a thing on Linux.



Package signing is definitely a thing on Linux.


On installation sure, but not on execution.

/usr/bin/vim was installed by my package manager, but there's no guarantee the version I'm running matches the version that was installed. Now in Debian there is a file which has a checksum of the version the package installed, but that's not checked on execution, nor is it itself signed (so the process that replaced vim could just as easily replace the checksum, or the process that checks the checksum).
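The gap described in the comment above, as an added example that is not part of the thread: a checker for an md5sums-style manifest (`<md5>  <relative path>` per line), run against a constructed file tree in a temp directory. The `usr/bin/vim` stand-in, its contents, and the out-of-band pinned SHA-256 of the manifest are assumptions made for the illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data, usedforsecurity=False).hexdigest()


def parse_manifest(text: str) -> dict:
    """Parse 'md5hex  relative/path' lines into {path: digest}."""
    entries = {}
    for line in text.splitlines():
        if line.strip():
            digest, path = line.split(None, 1)
            entries[path.strip()] = digest.lower()
    return entries


def verify(root: Path, manifest_text: str) -> dict:
    """Compare each listed file under root with its recorded digest."""
    result = {}
    for rel, want in parse_manifest(manifest_text).items():
        target = root / rel
        if not target.is_file():
            result[rel] = "missing"
        else:
            result[rel] = "ok" if md5_hex(target.read_bytes()) == want else "modified"
    return result


def demo() -> dict:
    """Constructed scenario in a temp dir; no real package database is touched."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        binary = root / "usr/bin/vim"
        binary.parent.mkdir(parents=True)
        binary.write_bytes(b"original editor build\n")  # constructed stand-in
        manifest = f"{md5_hex(binary.read_bytes())}  usr/bin/vim\n"
        # Assumption: a digest of the manifest is kept somewhere the writer cannot reach.
        pinned = hashlib.sha256(manifest.encode()).hexdigest()
        out = {"clean": verify(root, manifest)}
        binary.write_bytes(b"replaced editor build\n")
        out["file_changed"] = verify(root, manifest)
        # The unsigned manifest sits beside the file, so it can be rewritten too.
        manifest = f"{md5_hex(binary.read_bytes())}  usr/bin/vim\n"
        out["file_and_manifest_changed"] = verify(root, manifest)
        out["manifest_matches_pin"] = hashlib.sha256(manifest.encode()).hexdigest() == pinned
        return out
```

Calling `demo()` shows the check flagging the changed file, passing again once the manifest is rewritten alongside it, and the externally pinned digest being the only thing that still notices.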



