The 'App' You Can't Trash: How SIP is Broken in Apple's High Sierra OS (eclecticlight.co) 30
A reader shares a blog post that talks about why Mac running High Sierra 10.13.2 (and other versions near it) refuses to let users uninstall some third-party applications easily. For instance, when users attempt to uninstall BlueStacks, an Android emulator, the Finder shows this warning: "The operation can't be completed because you don't have the necessary permission." The blog post looks into the subject: The moment that we see the word permission, all becomes clear: it's a permissions problem. So the next step is to select the offending item in the Finder, press Command-I to bring up the Get Info dialog, and change the permissions. It does, though, leave the slight puzzle as to why the Finder didn't simply prompt for authentication instead of cussedly refusing. Sure enough, after trying that, the app still won't go and the error message is unchanged. Another strange thing about this 'app' is that it's not an app at all. Tucked away in a mysterious folder, new to High Sierra, in /Library/StagedExtensions/Applications, its icon is defaced to indicate that the user can't even run it. Neither did the user install it there. Trying to remove it using a conventional Terminal command sudo rm -rf /Library/StagedExtensions/Applications/BlueStacks.app also fails, with the report Operation not permitted.High Sierra leaves the user wondering what has happened. There's nothing in Apple's scant documentation to explain how this strange situation has arisen, and seemingly nothing more that the user can do to discover what is wrong, or to do anything about it. The clue comes from probing around in Terminal, specifically using a command like ls -lO /Library Try that in High Sierra, and you'll see drwxr-xr-x@ 4 root wheel restricted 128 2 Jan 13:03 StagedExtensions
There are two relevant pieces of information revealed: the @ sign shows that directory has extended attributes (xattrs), and the word restricted that it is protected by System Integrity Protection (SIP). A quick peek inside /Library/StagedExtensions/Applications/BlueStacks.app shows that it is a stub of an app, lacking any main code, but it does contain a kernel extension (KEXT) which is also protected by SIP, by virtue of being inside a SIP-protected folder. > ls -lO /Library/StagedExtensions/Applications
drwxr-xr-x 3 root wheel restricted 96 2 Jan 13:03 BlueStacks.app So how did this third-party kernel extension end up in this mysterious folder, complete with SIP protection?
SIP? (Score:4, Insightful)
Please STOP using existing acronym. SIP has already been in use by something else:
https://en.wikipedia.org/wiki/Session_Initiation_Protocol
By the headline, I was expecting an article to be about how SIP softphones were broke in MAC OS.
Re: (Score:2)
Had the same impression. Was coming in here to post, "Back in my day, every provider broke SIP in their own unique way. Did we whine about it? Well, yes, but then we worked around it.
Get off my lawn".
Re: (Score:1)
Single Inline Package.
Various leaded chips, and resistor arrays are arranged in this fashion.
Re: (Score:2)
K, but is that contextual relevant?
Both the package mentioned in the article and SIP are software applications, and what you put forth is a hardware configuration. It's not unreasonable to assume folks wouldn't confuse them.
Re: (Score:1)
Me too! (says an AOL'er)
:)
I had the first same impression, then read the article (shock! horror!) and thought to myself "I thought SIP was for VoIP & such...."
I welcome you on my lawn.
-Miser
Re: (Score:1)
Please STOP using an existing acronym. SIP is already in use by something else
https://en.wikipedia.org/wiki/Standard_Interchange_Protocol [wikipedia.org]
Re: (Score:2)
Re: (Score:2)
I use the SIP [wikipedia.org] to do research for the package I'm writing to automate my SIP [wikipedia.org] which I'm writing using SIP [wikipedia.org]. Thanks to the SIP [wikipedia.org] my phone service is good and I don't need to use SIP [wikipedia.org] to phone people.
Re: (Score:3)
Shelter In Place
Self Inspection Program
Serial Interface Protocol
System Implementation Plan
Systems Integration Plan
Summer Internship Program
Share Incentive Plan
Signal Image Processing
Sooner If Possible
First post: It's Apple. Expecting something else? (Score:1)
you got it all wrong (Score:1)
Glass half full, glass half empty... maybe you're just thinking about it the wrong way?
Perhaps this "app" is really the kernel. Or maybe you should think about it that way. And the rest of your kernel, and whole damn computer, is wrapped around its little finger.
There. Problem solved. Just a bit of topological thinking and you're good!
When Windows 10 did this ... (Score:1)
I replaced my last Windows OS by a Linux (without systemd, of course).
Kind of how (Score:2)
Andy, another android emulator (Score:2)
I warn about that one.
..." ... but I think I used an chmod or chown before that ... don't remember what I actually needed to do to remove it.
It asks for privileges to install (Mac OS X Applications usually don't need privileges, you just copy them with drag and drop into the Applications folder), then tries to install (with a warning) a "Yahoo Toolbar" and silently installs "Mac Keeper" a mal ware.
But it is easy to remove with sudo "rm
There was a background process running, watching the killing of the Mac
So turn it off (Score:2)
Using preferences is hard now?
Re: (Score:2)
Turn what off? SIP? You can't, there is no option to disable it. It's always on as part of Apple's continued effort to boil the frog until no one notices OS X is now iOS X.
You can [cleverfiles.com], but I wouldn't recommend it. Just use the kextunload command to turn off a kernel extension, it can then be deleted.
with imac pro you can't remove storage to offline (Score:2)
with imac pro you can't remove storage to remove it offline as well. Coming soon in mac os more lock down and down the road limited drivers for GPU's in TB docs. rootless = no updating build in ATI drivers and no NVIDIA ktexts
kextunload command... (Score:3)
Don't go mucking around with that thing. (Score:1)
does apple need an installer / uninstaller system? (Score:2)
does apple need an installer / uninstaller system? Like windows MSI?
Re: (Score:2)
There's a reason (Score:2)
I've stayed on El Capitan (tried Sierra - twice - and eventually rolled back to El Capitan - twice). Unfortunately it will stop getting security updates sometime this summer, though... at which point I'll have to pick my poison and "upgrade".
Unix (Score:2)