macOS csrutil, pkg verification, security

  1. Run:
    sudo spctl –master-disable
  2. Then go to System Settings → Privacy & Security → Security — you’ll now see an “Anywhere” option under “Allow apps from”.

Give installer permissions

sudo security authorizationdb write system.install.apple-software allow
sudo security authorizationdb write system.install.software allow
sudo security authorizationdb write system.install.pkg allow

to undo

sudo security authorizationdb remove system.install.apple-software
sudo security authorizationdb remove system.install.software
sudo security authorizationdb remove system.install.pkg

Resetting it all

1. Run script below

2. After, enter recovery mode, delete two files:

rm /Volumes/Macintosh\ HD/Library/Application\ Support/com.apple.TCC/TCC.db

rm /Volumes/Macintosh\ HD/var/db/auth.db

When in rec mode, golden opportunity to disable SIP

csrutil disable

Why?

  • Writes csr-active-config to NVRAM so the kernel boots without SIP.
  • Removes kernel enforcement that blocks writes to protected paths (/System, /usr, /bin, /sbin, Apple /Applications).
  • Allows loading unsigned/tampered kernel extensions and modifies code-signing checks (AMFI becomes permissive).
  • Lets debuggers attach to any process (task_for_pid usable) and enables kernel debugging/patching.
  • Makes system daemons, launch agents, and protected configs editable; system volume can be remounted writable.

Tags: