Comment by nomel
20 hours ago
Sure, if you run software from strangers on the internet, while explicitly giving them access to your systems, bad things can happen. But SIP is definitely a net good that makes many things directly impossible.
Do you have a system in mind that prevents the user from doing this?
> Do you have a system in mind that prevents the user from doing this?
Sure, macOS could adopt an iPad-style security system that refuses to run all software outside the App Store. It works on iPhone and iPad just fine, all the prosumers love it.
It's not like native darwin triples are a popular compilation target. There wouldn't be any vast tragedy if the macOS shellutil authors were told to use zsh in a VM instead, it would separate the parts of macOS that Apple cares about from the parts they don't seriously support. WSL and Crostini achieves this on vastly weaker hardware with great results.
macOS does precisely that out of the box, doesn't it? You have to change some settings to run other software. I've got it set to: allow notarized, warn for internet downloads (even if notarized), everything else after explicit permission.