这里的一个issue可以比较好地说明问题。大概就是说OS X的新版本引入了一个新机制,SIP。全名叫做System Integrity Protection,苹果官方的解释是
A new security policy that applies to every running process, including privileged code and code that runs out of the sandbox. The policy extends additional protections to components on disk and at run-time, only allowing system binaries to be modified by the system installer and software updates. Code injection and runtime attachments to system binaries are no longer permitted.
知乎上的这个问题里面有对SIP入门的介绍。大概就是说就算是Root权限也不能对一些二进制进行修改,这些二进制是在/System,/bin,/sbin,/usr (except /usr/local)中的。这就影响了proxychains的作用范围,不在上述目录中的二进制可以使用proxychains,而在其中的就不行了,悲剧的是ping,wget等等命令似乎都在这些目录中。那怎么解决这个问题呢。
最笨的方法,把所有命令都放在~/bin里,把~/bin放在路径里,这种方法就不说了,那还有更加简单粗暴的方法就是关闭SIP。关闭SIP的步骤可以参考下这里,大概分为三步:
- 重启Command + R进入recovery mode
- 左上角通用工具选择终端
- csrutil disable; reboot回车
然后在重启后的终端里输入csrutil status,会看到:
System Integrity Protection status: enabled (Custom Configuration).
Configuration:
Apple Internal: disabled
Kext Signing: disabled
Filesystem Protections: disabled
Debugging Restrictions: disabled
DTrace Restrictions: disabled
NVRAM Protections: disabled
This is an unsupported configuration, likely to break in the future and leave your machine in an unknown state.
然后proxychains就可以正常工作了,至于说的leave your machine in an unknown state.,只能寄希望于Time Machine了。
No comments:
Post a Comment