Safari incorrect information related to SIP

[quackerex]

Affected page

https://www.privacyguides.org/en/mobile-browsers/#safari

Description

Related: #2194

Safari is restricted to Apple devices and is covered by System Integrity Protection, a security feature which limits system programs and files to being read-only so they can't be tampered with by you or malware.

This is incorrect as SIP prevent any random process from reading files (assuming there is no 0-day exploit for this).
You can verify this in macos by running sudo ls ~/Library/Safari command in Terminal:

Sources

https://rambo.codes/posts/2023-04-04-macos-security-bugs-exposed-safari-history-and-device-location-to-unauthorized-apps

Before submitting

• I am reporting something that is verifiably incorrect, not a suggestion or opinion.
• I agree to the Community Code of Conduct.

[ghost]

From Apple's documentation:

System Integrity Protection restricts components to read-only in specific critical file system locations to help prevent malicious code from modifying them.

I think if their documentation says it then it's fine for our site as well.

[quackerex]

read-only so they can't be tampered with by you or malware

Read-only implies that files can be still be read making it possible for malware to do session hijacking.
This is impossible with safari because files are not even readable even if a malware has root privileges (without a 0-day exploit).

[quackerex]

I also realised that this is talking about Safari on iOS.
In iOS/iPadOS sandboxing is mandatory and it is impossible to access contents of any apps.

[ghost]

Again, I'm just sticking with what the official documentation says.

[quackerex]

Again, I'm just sticking with what the official documentation says.

From what I have seen iOS does not have SIP. iOS has its own security mechanisms in place to protect the integrity of the system and prevent unauthorised access or modifications, but it does not use the same SIP framework as macOS.
Instead iOS has Page Protection Layer (PPL)

Page Protection Layer (PPL) in iOS, iPadOS and watchOS is designed to prevent user space code from being modified after code signature verification is complete. Building on Kernel Integrity Protection and Fast Permission Restrictions, PPL manages the page table permission overrides to make sure only the PPL can alter protected pages containing user code and page tables. The system provides a massive reduction in attack surface by supporting systemwide code integrity enforcement, even in the face of a compromised kernel. This protection isn’t offered in macOS because PPL is only applicable on systems where all executed code must be signed.

I don't think information about SIP is relevant here as Safari is recommended for iOS unless it was intended to include macOS specific features in here.

[quackerex]

Regarding the behaviour of Safari ( in macOS) files being not readable can be because Safari is Sandboxed.

[ghost]

Right, I'll fix that.