Hacker News new | comments | ask | show | jobs | submit login

Does macOS have any security features similar to pledge/unveil or any of the Linux hardening packages?

It has a port of PF.

I'm more interested to know about system call and filesystem access restrictors. I think pf is only a packet filter.

There's SIP and Keychain, but it does not prevent say Safari from accessing Mail or user memory in general. If macOS becomes an iOS port (instead of iOS being the derivative work of the barely used UNIX system called macOS) perhaps we'd see some of the iOS specific hardening. AFAIK that kind of sandboxing does not exist in macOS. How difficult would it be to port something like pledge or unveil to macOS?

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact