SUIDGuard - a TrustedBSD Kernel Extension that adds mitigations to protect SUID/SGID processes a bit more
C++ C
Latest commit 255da5a Mar 23, 2016 @bef bef updated for 10.11
Failed to load latest commit information.
SUIDGuardNG.xcodeproj updated for 10.11 Mar 23, 2016
SUIDGuardNG updated for 10.11 Mar 23, 2016 Update Mar 23, 2016

SUIDGuard - A kernel extension adding mitigations to OS X to make exploitation harder

Copyright (c) Stefan Esser / SektionEins GmbH, 2015. All rights reserved. -

OFFICIAL WEBSITE If you came here from a media article please checkout the official website


SUIDGuard is a TrustedBSD kernel driver that implements several mitigations to protect against weaknesses in the operating system usually abused in exploits.

  • protects SUID/SGID root binaries from DYLD_ environment variables by overwriting the string DYLD_ with XYLD_
  • protects the O_APPEND flag usually used when opening e.g. logfiles from being disabled by someone with credentials that are different from those used to open the file
  • disallows execution of executables without a __PAGEZERO segment (stops NULL page exploits like e.g. tpwn)

Tested with OS X Yosemite 10.10.5.

Downloads for OSX 10.10.x

ATTENTION: For ease of installation an autoloading version of this extension including a signed installer is available at



(source code on GitHub might not always be latest)

WARNING: These downloads are meant for OSX 10.10 only! Please uninstall before upgrading to 10.10.4!! (see issue #12 on details how to manually remove the extension after crash-on-boot)

Downloads for OSX 10.11